Merge OpenSSL 1.0.1c.

Approved by:	benl (maintainer)

206 files changed, 9890 insertions, 733 deletions

diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index e7fe8f3..06afecb 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index fbe7808..899b983 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ASN1_STRING_length 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index 0a93ba0..2288472 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ASN1_STRING_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index af0c593..7fea822 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index 5eb6838..c21c207 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -210,8 +210,8 @@ can be used to specify the format of \fBvalue\fR.
 .Sp
 If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused
 bits is set to zero.
-.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2
-.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString"
+.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 2
+.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC"
 These encode the corresponding string types. \fBvalue\fR represents the
 contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
 .IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index 345721e..88a4ad8f 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_ctrl 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index 2c9b0ca..ac7227a 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_f_base64 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index 2b99232..167f471 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_f_buffer 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index d0fedf1..a3bdd4d 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_f_cipher 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index b5f4917..1a00f28 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_f_md 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -184,6 +184,12 @@ data is passed through it.
 If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through
 a chain containing digest BIOs then this can be done by prepending
 a buffering \s-1BIO\s0.
+.PP
+Before OpenSSL 1.0.0 the call to \fIBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0
+had been initialized for example by calling \fIBIO_set_md()\fR ). In OpenSSL
+1.0.0 and later the context is always returned and the \s-1BIO\s0 is state is set
+to initialized. This allows applications to initialize the context externally
+if the standard calls such as \fIBIO_set_md()\fR are not sufficiently flexible.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index 789bcd9..b44edf1 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_f_null 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index 08f8f5e..2927cbc 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_f_ssl 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -436,6 +436,14 @@ a client and also echoes the request to standard output.
 \&
 \& BIO_free_all(sbio);
 .Ve
+.SH "BUGS"
+.IX Header "BUGS"
+In OpenSSL versions before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly,
+the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of
+decremented) and dissociated with the \s-1SSL\s0 \s-1BIO\s0 even if the \s-1SSL\s0 \s-1BIO\s0 was not
+explicitly being popped (e.g. a pop higher up the chain). Applications which
+included workarounds for this bug (e.g. freeing BIOs more than once) should
+be modified to handle this fix or they may free up an already freed \s-1BIO\s0.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index c9d3410..4ae2cef 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_find_type 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index dbff078..a56cd83 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_new 3"
-.TH BIO_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
new file mode 100644
index 0000000..5813612
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_new_CMS 3"
+.TH BIO_new_CMS 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& BIO_new_CMS \- CMS streaming filter BIO
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output
+of the filter is written to \fBout\fR. Any data written to the chain is
+automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type.
+.SH "NOTES"
+.IX Header "NOTES"
+The chain returned by this function behaves like a standard filter \s-1BIO\s0. It
+supports non blocking I/O. Content is processed and streamed on the fly and not
+all held in memory at once: so it is possible to encode very large structures.
+After all content has been written through the chain \fIBIO_flush()\fR must be called
+to finalise the structure.
+.PP
+The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR
+parameter of the \fBcms\fR creation function.
+.PP
+If an application wishes to write additional data to \fBout\fR BIOs should be
+removed from the chain using \fIBIO_pop()\fR and freed with \fIBIO_free()\fR until \fBout\fR
+is reached. If no additional data needs to be written \fIBIO_free_all()\fR can be
+called to free up the whole chain.
+.PP
+Any content written through the filter is used verbatim: no canonical
+translation is performed.
+.PP
+It is possible to chain multiple BIOs to, for example, create a triple wrapped
+signed, enveloped, signed structure. In this case it is the applications
+responsibility to set the inner content type of any outer CMS_ContentInfo
+structures.
+.PP
+Large numbers of small writes through the chain should be avoided as this will
+produce an output consisting of lots of \s-1OCTET\s0 \s-1STRING\s0 structures. Prepending
+a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this.
+.SH "BUGS"
+.IX Header "BUGS"
+There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode
+a \s-1CMS\s0 structure on the fly.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_encrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBIO_new_CMS()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index cc7f73f..2c3d0aa 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_push 3"
-.TH BIO_push 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_push 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index 1b2ada5..0de3d90 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_read 3"
-.TH BIO_read 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_read 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index e3dc63b..74982e5 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_accept 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index e122223..b7cce6f 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_bio 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index 824406c..ca8a608 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_connect 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index 27a15f0..fcfc75a 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_fd 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index 1f8f37e..f32998c 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_file 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -202,6 +202,10 @@ normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set.
 .PP
 Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks
 in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0.
+.PP
+On Windows BIO_new_files reserves for the filename argument to be
+\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\-
+lingual environment, encode file names in \s-1UTF\-8\s0.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 File \s-1BIO\s0 \*(L"hello world\*(R":
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index 53a9e83..0c3928a 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_mem 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -201,7 +201,7 @@ Writes to memory BIOs will always succeed if memory is available: that is
 their size can grow indefinitely.
 .PP
 Every read from a read write memory \s-1BIO\s0 will remove the data just read with
-an internal copy operation, if a \s-1BIO\s0 contains a lots of data and it is
+an internal copy operation, if a \s-1BIO\s0 contains a lot of data and it is
 read in small chunks the operation can be very slow. The use of a read only
 memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then adding
 a buffering \s-1BIO\s0 to the chain will speed up the process.
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index 33778d5..7ee54ba 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_null 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index 85d4562..a79f53e 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_s_socket 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index a47e7c7..1f3b22f 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_set_callback 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index ab3274d..e9ff155 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BIO_should_retry 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index 3b33223..200375e 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_BLINDING_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,8 +150,11 @@ functions.
 \&        BN_CTX *ctx);
 \& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
 \&        BN_CTX *ctx);
+\& #ifndef OPENSSL_NO_DEPRECATED
 \& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
 \& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+\& #endif
+\& CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
 \& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
 \& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
 \& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
@@ -182,11 +185,11 @@ the inverse blinding.
 functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR
 with \fBr\fR set to \s-1NULL\s0.
 .PP
-\&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR
-set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure,
-a field provided to users of \fB\s-1BN_BLINDING\s0\fR structure to help them
-provide proper locking if needed for multi-threaded use. The 
-\&\*(L"thread id\*(R" of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is zero.
+\&\fIBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR
+object within the \fB\s-1BN_BLINDING\s0\fR structure. This is to help users
+provide proper locking if needed for multi-threaded use. The \*(L"thread
+id\*(R" object of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is
+initialised to the thread id in which \fIBN_BLINDING_new()\fR was called.
 .PP
 \&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
 there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and
@@ -210,8 +213,8 @@ or \s-1NULL\s0 in case of an error.
 \&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on
 success and 0 if an error occured.
 .PP
-\&\fIBN_BLINDING_get_thread_id()\fR returns the thread id (a \fBunsigned long\fR
-value) or 0 if not set.
+\&\fIBN_BLINDING_thread_id()\fR returns a pointer to the thread id object
+within a \fB\s-1BN_BLINDING\s0\fR object.
 .PP
 \&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
 (a \fBunsigned long\fR value).
@@ -223,6 +226,9 @@ parameters or \s-1NULL\s0 on error.
 \&\fIbn\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
+BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it
+deprecates BN_BLINDING_set_thread_id and BN_BLINDING_get_thread_id.
+.PP
 BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id,
 BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags
 and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index a30920c..b21668c 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_CTX_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 4256c94..a8117cd 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_CTX_start 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index 73b77ab..18eac25 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_add 3"
-.TH BN_add 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_add 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index 1163968..9a3f4f9 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_add_word 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index db1e408..fae0189 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_bn2bin 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index 77a2c67..c255a48 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_cmp 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index 02518ec..8765868 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_copy 3"
-.TH BN_copy 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_copy 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index 4efe83e..1c3c3d7 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_generate_prime 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index 229d565..0bd6b79 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_mod_inverse 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index d8a3a4d..e2a1cf8 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index 5ca285e..8f27179 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index 8e82938..adcd7eb 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_new 3"
-.TH BN_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index 2c40a40..58513ea 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_num_bytes 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index 70fb7ec..00a5e05 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_rand 3"
-.TH BN_rand 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_rand 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index ff0cb38..1b8f75d 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_set_bit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index 52ee55b..9edf1ee 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_swap 3"
-.TH BN_swap 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_swap 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 8643350..0ecd4d7 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BN_zero 3"
-.TH BN_zero 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH BN_zero 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
new file mode 100644
index 0000000..f8fed51
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_add0_cert 3"
+.TH CMS_add0_cert 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_get1_crls, \- CMS certificate and CRL utility functions
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+\&
+\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_add0_cert()\fR and \fICMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR.
+must be of type signed data or enveloped data.
+.PP
+\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR.
+.PP
+\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
+returns any CRLs in \fBcms\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped
+data or an error will be returned.
+.PP
+For signed data certificates and CRLs are added to the \fBcertificates\fR and
+\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to
+\&\fBOriginatorInfo\fR.
+.PP
+As the \fB0\fR implies \fICMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it
+must not be freed up after the call as opposed to \fICMS_add1_cert()\fR where \fBcert\fR
+must be freed up.
+.PP
+The same certificate or \s-1CRL\s0 must not be added to the same cms structure more
+than once.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR and \fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR return
+1 for success and 0 for failure.
+.PP
+\&\fICMS_get1_certs()\fR and \fICMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs
+or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur
+in practice is if the \fBcms\fR type is invalid.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3),
+\&\fICMS_sign\fR\|(3),
+\&\fICMS_encrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_add0_cert()\fR, \fICMS_add1_cert()\fR, \fICMS_get1_certs()\fR, \fICMS_add0_crl()\fR
+and \fICMS_get1_crls()\fR were all first added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
new file mode 100644
index 0000000..c83eda9
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -0,0 +1,186 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_add1_recipient_cert 3"
+.TH CMS_add1_recipient_cert 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags);
+\&
+\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped
+data structure \fBcms\fR as a KeyTransRecipientInfo structure.
+.PP
+\&\fICMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using
+wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional
+values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped
+data structure \fBcms\fR as a KEKRecipientInfo structure.
+.PP
+The CMS_ContentInfo structure should be obtained from an initial call to
+\&\fICMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set.
+.SH "NOTES"
+.IX Header "NOTES"
+The main purpose of this function is to provide finer control over a \s-1CMS\s0
+enveloped data structure where the simpler \fICMS_encrypt()\fR function defaults are
+not appropriate. For example if one or more KEKRecipientInfo structures
+need to be added. New attributes can also be added using the returned
+CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions.
+.PP
+OpenSSL will by default identify recipient certificates using issuer name
+and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
+identifier value instead. An error occurs if all recipient certificates do not
+have a subject key identifier extension.
+.PP
+Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR,
+specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap.
+If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used
+consistent with \fBkeylen\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR return an internal
+pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error
+occurs.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3),
+\&\fICMS_final\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_add1_recipient_cert()\fR and \fICMS_add0_recipient_key()\fR were added to OpenSSL
+0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
new file mode 100644
index 0000000..4ebaeb4
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -0,0 +1,194 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_compress 3"
+.TH CMS_compress 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CMS_compress \- create a CMS CompressedData structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR
+is the compression algorithm to use or \fBNID_undef\fR to use the default
+algorithm (zlib compression). \fBin\fR is the content to be compressed.
+\&\fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+The only currently supported compression algorithm is zlib using the \s-1NID\s0
+NID_zlib_compression.
+.PP
+If zlib support is not compiled into OpenSSL then \fICMS_compress()\fR will return
+an error.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are
+prepended to the data.
+.PP
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
+required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then
+\&\fB\s-1CMS_TEXT\s0\fR is ignored.
+.PP
+If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
+returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
+.PP
+The compressed data is included in the CMS_ContentInfo structure, unless
+\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
+practice and is not supported by \fISMIME_write_CMS()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
+\&\fBnot\fR complete and outputting its contents via a function that does not
+properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
+results.
+.PP
+Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
+\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+\&\fIBIO_new_CMS()\fR.
+.PP
+Additional compression parameters such as the zlib compression level cannot
+currently be set.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_uncompress\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_compress()\fR was added to OpenSSL 0.9.8
+The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
new file mode 100644
index 0000000..3a94602
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_decrypt 3"
+.TH CMS_decrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_decrypt \- decrypt content from a CMS envelopedData structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData
+structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
+recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and
+\&\fBflags\fR is an optional set of flags.
+.PP
+The \fBdcont\fR parameter is used in the rare case where the encrypted content
+is detached. It will normally be set to \s-1NULL\s0.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
+function or errors about unknown algorithms will occur.
+.PP
+Although the recipients certificate is not needed to decrypt the data it is
+needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0
+structure. If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried.
+.PP
+It is possible to determine the correct recipient key by other means (for
+example looking them up in a database) and setting them in the \s-1CMS\s0 structure
+in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this
+case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL\s0.
+.PP
+To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR
+and \fICMS_ReceipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and
+\&\fBcert\fR and \fBpkey\fR set to \s-1NULL\s0.
+.PP
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
+from the content. If the content is not of type \fBtext/plain\fR then an error is
+returned.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_decrypt()\fR returns either 1 for success or 0 for failure.
+The error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "BUGS"
+.IX Header "BUGS"
+The lack of single pass processing and the need to hold all data in memory as
+mentioned in \fICMS_verify()\fR also applies to \fICMS_decrypt()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_encrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
new file mode 100644
index 0000000..dd44cd5
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -0,0 +1,219 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_encrypt 3"
+.TH CMS_encrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_encrypt \- create a CMS envelopedData structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR
+is a list of recipient certificates. \fBin\fR is the content to be encrypted.
+\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+Only certificates carrying \s-1RSA\s0 keys are supported so the recipient certificates
+supplied to this function must all contain \s-1RSA\s0 public keys, though they do not
+have to be signed using the \s-1RSA\s0 algorithm.
+.PP
+\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
+because most clients will support it.
+.PP
+The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
+its parameters.
+.PP
+Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
+\&\fICMS_encrypt()\fR.
+.PP
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are
+prepended to the data.
+.PP
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
+required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then
+\&\fB\s-1CMS_TEXT\s0\fR is ignored.
+.PP
+OpenSSL will by default identify recipient certificates using issuer name
+and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
+identifier value instead. An error occurs if all recipient certificates do not
+have a subject key identifier extension.
+.PP
+If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
+returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
+.PP
+If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
+returned to which additional recipients and attributes can be added before
+finalization.
+.PP
+The data being encrypted is included in the CMS_ContentInfo structure, unless
+\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
+practice and is not supported by \fISMIME_write_CMS()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
+\&\fBnot\fR complete and outputting its contents via a function that does not
+properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
+results.
+.PP
+Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
+\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+\&\fIBIO_new_CMS()\fR.
+.PP
+The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info
+structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR
+and \fICMS_add0_recipient_key()\fR.
+.PP
+The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients
+added later using \fICMS_add1_recipient_cert()\fR or \fICMS_add0_recipient_key()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_decrypt()\fR was added to OpenSSL 0.9.8
+The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
new file mode 100644
index 0000000..b52ae94
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -0,0 +1,165 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_final 3"
+.TH CMS_final 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_final \- finalise a CMS_ContentInfo structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_final()\fR finalises the structure \fBcms\fR. It's purpose is to perform any
+operations necessary on \fBcms\fR (digest computation for example) and set the
+appropriate fields. The parameter \fBdata\fR contains the content to be 
+processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after
+processing: this is only used with detached data and will usually be set to
+\&\s-1NULL\s0.
+.SH "NOTES"
+.IX Header "NOTES"
+This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It
+should only be used when streaming is not performed because the streaming
+I/O functions perform finalisation operations internally.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_final()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_encrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_final()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
new file mode 100644
index 0000000..e3ae9ad
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -0,0 +1,230 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_get0_RecipientInfos 3"
+.TH CMS_get0_RecipientInfos 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt \- CMS envelopedData RecipientInfo routines
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+\&
+\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+\&
+\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
+\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen);
+\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen);
+\&
+\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo
+structures associated with a \s-1CMS\s0 EnvelopedData structure.
+.PP
+\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
+It will currently return \s-1CMS_RECIPINFO_TRANS\s0, \s-1CMS_RECIPINFO_AGREE\s0,
+\&\s-1CMS_RECIPINFO_KEK\s0, \s-1CMS_RECIPINFO_PASS\s0, or \s-1CMS_RECIPINFO_OTHER\s0.
+.PP
+\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient
+identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which
+must be of type \s-1CMS_RECIPINFO_TRANS\s0. Either the keyidentifier will be set in
+\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR.
+.PP
+\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the
+CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS\s0.
+It returns zero if the comparison is successful and non zero if not.
+.PP
+\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with
+the CMS_RecipientInfo structure \fBri\fR, which must be of type
+\&\s-1CMS_RECIPINFO_TRANS\s0.
+.PP
+\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
+CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK\s0.  Any
+of the remaining parameters can be \s-1NULL\s0 if the application is not interested in
+the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written
+to the corresponding parameter. The keyEncryptionAlgorithm field is written to
+\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if
+present is written to \fBpdate\fR, if the \fBother\fR field is present the components
+\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and
+\&\fBpothertype\fR.
+.PP
+\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
+parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR,
+which must be of type \s-1CMS_RECIPINFO_KEK\s0.  It returns zero if the comparison is
+successful and non zero if not.
+.PP
+\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
+\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type
+\&\s-1CMS_RECIPINFO_KEK\s0.
+.PP
+\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure
+\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure
+first.
+.SH "NOTES"
+.IX Header "NOTES"
+The main purpose of these functions is to enable an application to lookup
+recipient keys using any appropriate technique when the simpler method
+of \fICMS_decrypt()\fR is not appropriate.
+.PP
+In typical usage and application will retrieve all CMS_RecipientInfo structures
+using \fICMS_get0_RecipientInfos()\fR and check the type of each using
+\&\fICMS_RecpientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure
+can be ignored or its key identifier data retrieved using an appropriate
+function. Then if the corresponding secret or private key can be obtained by
+any appropriate means it can then associated with the structure and
+\&\fICMS_RecpientInfo_decrypt()\fR called. If successful \fICMS_decrypt()\fR can be called
+with a \s-1NULL\s0 key to decrypt the enveloped content.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if
+an error occurs.
+.PP
+\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR, \fICMS_RecipientInfo_set0_pkey()\fR,
+\&\fICMS_RecipientInfo_kekri_get0_id()\fR, \fICMS_RecipientInfo_set0_key()\fR and
+\&\fICMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs.
+.PP
+\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR and \fICMS_RecipientInfo_kekri_cmp()\fR return 0
+for a successful comparison and non zero otherwise.
+.PP
+Any error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
new file mode 100644
index 0000000..748e0f8
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_get0_SignerInfos 3"
+.TH CMS_get0_SignerInfos 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, CMS_set1_signer_certs \- CMS signedData signer functions.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+\&
+\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
+\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fICMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures
+associated with a \s-1CMS\s0 signedData structure.
+.PP
+\&\fICMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier
+associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the
+keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number
+in \fBissuer\fR and \fBsno\fR.
+.PP
+\&\fICMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer
+identifier \fBsi\fR. It returns zero if the comparison is successful and non zero
+if not.
+.PP
+\&\fICMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to
+\&\fBsigner\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The main purpose of these functions is to enable an application to lookup
+signers certificates using any appropriate technique when the simpler method
+of \fICMS_verify()\fR is not appropriate.
+.PP
+In typical usage and application will retrieve all CMS_SignerInfo structures
+using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using
+\&\s-1CMS\s0. It will then obtain the signer certificate by some unspecified means
+(or return and error if it cannot be found) and set it using
+\&\fICMS_SignerInfo_set1_signer_cert()\fR.
+.PP
+Once all signer certificates have been set \fICMS_verify()\fR can be used.
+.PP
+Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 is an error occur \fBor\fR if
+there are no signers this is not a problem in practice because the only
+error which can occur is if the \fBcms\fR structure is not of type signedData
+due to application error.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there
+are no signers or an error occurs.
+.PP
+\&\fICMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure.
+.PP
+\&\fICMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non
+zero otherwise.
+.PP
+\&\fICMS_SignerInfo_set1_signer_cert()\fR does not return a value.
+.PP
+Any error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
new file mode 100644
index 0000000..a54574f
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_get0_type 3"
+.TH CMS_get0_type 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType \- get and set CMS content types
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as
+and \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the
+CMS_ContentInfo structure based on this value.
+.PP
+\&\fICMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo
+structure. It should be called with \s-1CMS\s0 functions with the \fB\s-1CMS_PARTIAL\s0\fR
+flag and \fBbefore\fR the structure is finalised, otherwise the results are
+undefined.
+.PP
+\&\s-1ASN1_OBJECT\s0 *\fICMS_get0_eContentType()\fR returns a pointer to the embedded
+content type.
+.SH "NOTES"
+.IX Header "NOTES"
+As the \fB0\fR implies \fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return internal
+pointers which should \fBnot\fR be freed up. \fICMS_set1_eContentType()\fR copies the
+supplied \s-1OID\s0 and it \fBshould\fR be freed up after use.
+.PP
+The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value
+using \fIOBJ_obj2nid()\fR. For the currently supported content types the following
+values are returned:
+.PP
+.Vb 6
+\& NID_pkcs7_data
+\& NID_pkcs7_signed
+\& NID_pkcs7_digest
+\& NID_id_smime_ct_compressedData:
+\& NID_pkcs7_encrypted
+\& NID_pkcs7_enveloped
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_get0_type()\fR and \fICMS_get0_eContentType()\fR return and \s-1ASN1_OBJECT\s0 structure.
+.PP
+\&\fICMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred.  The
+error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_get0_type()\fR, \fICMS_set1_eContentType()\fR and \fICMS_get0_eContentType()\fR were all
+first added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
new file mode 100644
index 0000000..7ce6e54
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -0,0 +1,193 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_get1_ReceiptRequest 3"
+.TH CMS_get1_ReceiptRequest 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo);
+\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, STACK_OF(GENERAL_NAMES) **prto);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
+\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set
+to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL\s0. If \fBreceiptList\fR is \s-1NULL\s0
+the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of
+the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR
+option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the
+\&\fBreceiptsTo\fR field value.
+.PP
+The \fICMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR
+to SignerInfo structure \fBsi\fR.
+.PP
+int \fICMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if
+any is found it is decoded and written to \fBprr\fR.
+.PP
+\&\fICMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request.
+The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR
+option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR
+otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR
+parameter is copied to \fBprto\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+For more details of the meaning of the fields see \s-1RFC2634\s0.
+.PP
+The contents of a signed receipt should only be considered meaningful if the
+corresponding CMS_ContentInfo structure can be successfully verified using
+\&\fICMS_verify()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or 
+\&\s-1NULL\s0 if an error occurred.
+.PP
+\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 is an error occurred.
+.PP
+\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and
+decoded. It returns 0 if a signed receipt request is not present and \-1 if
+it is present but malformed.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_sign_receipt\fR\|(3), \fICMS_verify\fR\|(3)
+\&\fICMS_verify_receipt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_ReceiptRequest_create0()\fR, \fICMS_add1_ReceiptRequest()\fR,
+\&\fICMS_get1_ReceiptRequest()\fR and \fICMS_ReceiptRequest_get0_values()\fR were added to
+OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
new file mode 100644
index 0000000..9db043d
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -0,0 +1,244 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_sign 3"
+.TH CMS_sign 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_sign \- create a CMS SignedData structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is
+the certificate to sign with, \fBpkey\fR is the corresponding private key.
+\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0
+structure (for example any intermediate CAs in the chain). Any or all of
+these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below.
+.PP
+The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
+.PP
+\&\fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+Any of the following flags (ored together) can be passed in the \fBflags\fR
+parameter.
+.PP
+Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
+the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
+to the data.
+.PP
+If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the
+CMS_ContentInfo structure, the signer's certificate must still be supplied in
+the \fBsigncert\fR parameter though. This can reduce the size of the signature if
+the signers certificate can be obtained by other means: for example a
+previously signed message.
+.PP
+The data being signed is included in the CMS_ContentInfo structure, unless
+\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for
+CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed
+messages for example.
+.PP
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
+required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+.PP
+The SignedData structure includes several \s-1CMS\s0 signedAttributes including the
+signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an
+SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes
+will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
+omitted.
+.PP
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192
+bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0.
+If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is
+not loaded.
+.PP
+OpenSSL will by default identify signing certificates using issuer name
+and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
+identifier value instead. An error occurs if the signing certificate does not
+have a subject key identifier extension.
+.PP
+If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR
+structure is just initialized ready to perform the signing operation. The
+signing is however \fBnot\fR performed and the data to be signed is not read from
+the \fBdata\fR parameter. Signing is deferred until after the data has been
+written. In this way data can be signed in a single pass.
+.PP
+If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
+output to which additional signers and capabilities can be added before
+finalization.
+.PP
+If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is
+\&\fBnot\fR complete and outputting its contents via a function that does not
+properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable
+results.
+.PP
+Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
+\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+\&\fIBIO_new_CMS()\fR.
+.PP
+If a signer is specified it will use the default digest for the signing
+algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
+.PP
+If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is
+output.
+.PP
+The function \fICMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be
+suitable for many purposes. For finer control of the output format the
+\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the
+\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the
+function \fICMS_sign_add1_signer()\fR, non default digests can be used and custom
+attributes added. \fB\f(BICMS_final()\fB\fR must then be called to finalize the
+structure if streaming is not enabled.
+.SH "BUGS"
+.IX Header "BUGS"
+Some attributes such as counter signatures are not supported.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error
+occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_sign()\fR was added to OpenSSL 0.9.8
+.PP
+The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8,
+it is supported for embedded data in OpenSSL 1.0.0 and later.
diff --git a/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 b/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
new file mode 100644
index 0000000..4ab46af
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_sign_add1_signer.3
@@ -0,0 +1,224 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_sign_add1_signer 3"
+.TH CMS_sign_add1_signer 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_sign_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags);
+\&
+\& int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_sign_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private
+key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData
+structure \fBcms\fR.
+.PP
+The CMS_ContentInfo structure should be obtained from an initial call to
+\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a
+valid CMS_ContentInfo SignedData structure.
+.PP
+If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
+key algorithm will be used.
+.PP
+Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo
+structure is not complete and must be finalized either by streaming (if
+applicable) or a call to \fICMS_final()\fR.
+.PP
+The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo
+structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags
+are both set.
+.SH "NOTES"
+.IX Header "NOTES"
+The main purpose of \fICMS_sign_add1_signer()\fR is to provide finer control
+over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults
+are not appropriate. For example if multiple signers or non default digest
+algorithms are needed. New attributes can also be added using the returned
+CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the
+\&\s-1CMS\s0 signed receipt request functions.
+.PP
+Any of the following flags (ored together) can be passed in the \fBflags\fR
+parameter.
+.PP
+If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content
+digest value from the CMS_ContentInfo structure: to add a signer to an existing
+structure.  An error occurs if a matching digest value cannot be found to copy.
+The returned CMS_ContentInfo structure will be valid and finalized when this
+flag is set.
+.PP
+If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the 
+CMS_SignerInfo structure will not be finalized so additional attributes
+can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is
+needed to finalize it.
+.PP
+If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the
+CMS_ContentInfo structure, the signer's certificate must still be supplied in
+the \fBsigncert\fR parameter though. This can reduce the size of the signature if
+the signers certificate can be obtained by other means: for example a
+previously signed message.
+.PP
+The SignedData structure includes several \s-1CMS\s0 signedAttributes including the
+signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an
+SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes
+will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
+omitted.
+.PP
+OpenSSL will by default identify signing certificates using issuer name
+and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
+identifier value instead. An error occurs if the signing certificate does not
+have a subject key identifier extension.
+.PP
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192
+bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0.
+If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is
+not loaded.
+.PP
+\&\fICMS_sign_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
+structure just added, this can be used to set additional attributes 
+before it is finalized.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_sign1_add_signers()\fR returns an internal pointer to the CMS_SignerInfo
+structure just added or \s-1NULL\s0 if an error occurs.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_final\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_sign_add1_signer()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
new file mode 100644
index 0000000..8293207
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_sign_receipt 3"
+.TH CMS_sign_receipt 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_sign_receipt \- create a CMS signed receipt
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is
+the \fBCMS_SignerInfo\fR structure containing the signed receipt request.
+\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding
+private key.  \fBcerts\fR is an optional additional set of certificates to include
+in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain).
+.PP
+\&\fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+This functions behaves in a similar way to \fICMS_sign()\fR except the flag values
+\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR
+are not supported since they do not make sense in the context of signed
+receipts.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if
+an error occurred.  The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3),
+\&\fICMS_verify_receipt\fR\|(3),
+\&\fICMS_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_sign_receipt()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
new file mode 100644
index 0000000..c94fb5f
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -0,0 +1,177 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_uncompress 3"
+.TH CMS_uncompress 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_uncompress \- uncompress a CMS CompressedData structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0
+CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and
+\&\fBflags\fR is an optional set of flags.
+.PP
+The \fBdcont\fR parameter is used in the rare case where the compressed content
+is detached. It will normally be set to \s-1NULL\s0.
+.SH "NOTES"
+.IX Header "NOTES"
+The only currently supported compression algorithm is zlib: if the structure
+indicates the use of any other algorithm an error is returned.
+.PP
+If zlib support is not compiled into OpenSSL then \fICMS_uncompress()\fR will always
+return an error.
+.PP
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
+from the content. If the content is not of type \fBtext/plain\fR then an error is
+returned.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can
+be obtained from \fIERR_get_error\fR\|(3)
+.SH "BUGS"
+.IX Header "BUGS"
+The lack of single pass processing and the need to hold all data in memory as
+mentioned in \fICMS_verify()\fR also applies to \fICMS_decompress()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_compress\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_uncompress()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
new file mode 100644
index 0000000..4b396b1
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -0,0 +1,248 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_verify 3"
+.TH CMS_verify 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_verify \- verify a CMS SignedData structure
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, unsigned int flags);
+\&
+\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo
+structure to verify. \fBcerts\fR is a set of certificates in which to search for
+the signing certificate(s). \fBstore\fR is a trusted certificate store used for
+chain verification. \fBindata\fR is the detached content if the content is not
+present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL\s0.
+.PP
+\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
+operation.
+.PP
+\&\fICMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must
+be called after a successful \fICMS_verify()\fR operation.
+.SH "VERIFY PROCESS"
+.IX Header "VERIFY PROCESS"
+Normally the verify process proceeds as follows.
+.PP
+Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must
+be SignedData. There must be at least one signature on the data and if
+the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR.
+.PP
+An attempt is made to locate all the signing certificate(s), first looking in
+the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any
+certificates contained in the \fBcms\fR structure itself. If any signing
+certificate cannot be located the operation fails.
+.PP
+Each signing certificate is chain verified using the \fBsmimesign\fR purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal
+CRLs are used in addition to attempting to look them up in \fBstore\fR. If any
+chain verify fails an error code is returned.
+.PP
+Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0)
+and the signature's checked.
+.PP
+If all signature's verify correctly then the function is successful.
+.PP
+Any of the following flags (ored together) can be passed in the \fBflags\fR
+parameter to change the default verify behaviour.
+.PP
+If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not
+searched when locating the signing certificate(s). This means that all the
+signing certificates must be in the \fBcerts\fR parameter.
+.PP
+If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any
+CRLs in the message itself are ignored.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
+from the content. If the content is not of type \fBtext/plain\fR then an error is
+returned.
+.PP
+If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not
+verified.
+.PP
+If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not 
+verified.
+.PP
+If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked.
+.SH "NOTES"
+.IX Header "NOTES"
+One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the \fBcerts\fR parameter. In this case if the signer is not one of the
+certificates supplied in \fBcerts\fR then the verify will fail because the
+signer cannot be found.
+.PP
+In some cases the standard techniques for looking up and validating
+certificates are not appropriate: for example an application may wish to 
+lookup certificates in a database or perform customised verification. This
+can be achieved by setting and verifying the signers certificates manually 
+using the signed data utility functions.
+.PP
+Care should be taken when modifying the default verify behaviour, for example
+setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification 
+and any modified content will be considered valid. This combination is however
+useful if one merely wishes to write the content to \fBout\fR and its validity
+is not considered important.
+.PP
+Chain verification should arguably be performed using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_verify()\fR returns 1 for a successful verification and zero if an error
+occurred.
+.PP
+\&\fICMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred.
+.PP
+The error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "BUGS"
+.IX Header "BUGS"
+The trusted certificate store is not searched for the signing certificate,
+this is primarily due to the inadequacies of the current \fBX509_STORE\fR
+functionality.
+.PP
+The lack of single pass processing means that the signed content must all
+be held in memory if it is not detached.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_verify()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
new file mode 100644
index 0000000..fadb829
--- /dev/null
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -0,0 +1,171 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CMS_verify_receipt 3"
+.TH CMS_verify_receipt 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CMS_verify_receipt \- verify a CMS signed receipt
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed
+receipt to verify. \fBocms\fR is the original SignedData structure containing the
+receipt request. \fBcerts\fR is a set of certificates in which to search for the
+signing certificate. \fBstore\fR is a trusted certificate store (used for chain
+verification).
+.PP
+\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
+operation.
+.SH "NOTES"
+.IX Header "NOTES"
+This functions behaves in a similar way to \fICMS_verify()\fR except the flag values
+\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not
+supported since they do not make sense in the context of signed receipts.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICMS_verify_receipt()\fR returns 1 for a successful verification and zero if an
+error occurred.
+.PP
+The error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3),
+\&\fICMS_sign_receipt\fR\|(3),
+\&\fICMS_verify\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICMS_verify_receipt()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index eabe9e8..2770aa3 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH CONF_modules_free 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index e2ef889..a08b707 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH CONF_modules_load_file 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
index 8f122d5..ae6278d 100644
--- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index 799e1eb..cbfddf8 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DH_generate_key 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index 49fc852..926cdb0 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DH_generate_parameters 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
index cee2587..2e95295 100644
--- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index 0ef235c..cb4fe94 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_new 3"
-.TH DH_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DH_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index 981d996..dba792e 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DH_set_method 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index fbfb1d6..59e5093 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DH_size 3"
-.TH DH_size 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DH_size 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 7f32904..192c170 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_SIG_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index f6ee9fb..ff6f813 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_do_sign 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index c329d45..3c31750 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_dup_DH 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index a2a73dd..311ea8e 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_generate_key 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index 1482b54..bf94062 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_generate_parameters 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
index 30c2a28..11be88c 100644
--- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -134,7 +134,7 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specif
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 .Vb 1
-\& #include <openssl/DSA.h>
+\& #include <openssl/dsa.h>
 \&
 \& int DSA_get_ex_new_index(long argl, void *argp,
 \&                CRYPTO_EX_new *new_func,
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index 8d9d0ed..7bc3c63 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_new 3"
-.TH DSA_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index 3be5145..c9487a3 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_set_method 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index 496ff0d..e10b2c3 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_sign 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index 0f270c2..29d7b3b 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "DSA_size 3"
-.TH DSA_size 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH DSA_size 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index 65c4068..80c9672 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_GET_LIB 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index e922f59..491cf01 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_clear_error 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index e72af5c..27ea126 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_error_string 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index 6f6cbac..9b5831a 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_get_error 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index 50e87ec..076710f 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 9a01722..25f8e23 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_load_strings 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index 2ce4acc..34939af 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_print_errors 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index df07158..d14b247 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_put_error 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index 1e59956..86d5400 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_remove_state 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index d9e10aa..3da4ea2 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ERR_set_mark 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 831bcd9..1b8d3bd 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_BytesToKey 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index f7d5ea7..f5b94c0 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_DigestInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -134,7 +134,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256,
+EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
 EVP digest routines
 .SH "SYNOPSIS"
@@ -161,16 +162,15 @@ EVP digest routines
 \&
 \& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
 \&
-\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+\& #define EVP_MAX_MD_SIZE 64     /* SHA512 */
 \&
+\& int EVP_MD_type(const EVP_MD *md);
+\& int EVP_MD_pkey_type(const EVP_MD *md);        
+\& int EVP_MD_size(const EVP_MD *md);
+\& int EVP_MD_block_size(const EVP_MD *md);
 \&
-\& #define EVP_MD_type(e)                 ((e)\->type)
-\& #define EVP_MD_pkey_type(e)            ((e)\->pkey_type)
-\& #define EVP_MD_size(e)                 ((e)\->md_size)
-\& #define EVP_MD_block_size(e)           ((e)\->block_size)
-\&
-\& #define EVP_MD_CTX_md(e)               (e)\->digest)
-\& #define EVP_MD_CTX_size(e)             EVP_MD_size((e)\->digest)
+\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+\& #define EVP_MD_CTX_size(e)             EVP_MD_size(EVP_MD_CTX_md(e))
 \& #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)\->digest)
 \& #define EVP_MD_CTX_type(e)             EVP_MD_type((e)\->digest)
 \&
@@ -184,6 +184,11 @@ EVP digest routines
 \& const EVP_MD *EVP_mdc2(void);
 \& const EVP_MD *EVP_ripemd160(void);
 \&
+\& const EVP_MD *EVP_sha224(void);
+\& const EVP_MD *EVP_sha256(void);
+\& const EVP_MD *EVP_sha384(void);
+\& const EVP_MD *EVP_sha512(void);
+\&
 \& const EVP_MD *EVP_get_digestbyname(const char *name);
 \& #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
 \& #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -252,15 +257,19 @@ normally used when setting \s-1ASN1\s0 OIDs.
 .PP
 \&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated
 with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will
-return \fBNID_sha1WithRSAEncryption\fR. This \*(L"link\*(R" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
+return \fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms
+are no longer linked this function is only retained for compatibility
+reasons.
 .PP
-\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR
-return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest
-algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case.
+\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_sha224()\fR, \fIEVP_sha256()\fR,
+\&\fIEVP_sha384()\fR, \fIEVP_sha512()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR
+structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MDC2\s0
+and \s-1RIPEMD160\s0 digest algorithms respectively.
 .PP
 \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
-algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm.
+algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is 
+no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
+however retained for compatibility.
 .PP
 \&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
 returns is of zero length.
@@ -295,8 +304,8 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
 .PP
-\&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
+New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. 
+The other digest algorithms are still in common use.
 .PP
 For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
 set to \s-1NULL\s0 to use the default digest implementation.
@@ -310,6 +319,22 @@ implementations of digests to be specified.
 .PP
 In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
 memory leaks will occur.
+.PP
+Stack allocation of \s-1EVP_MD_CTX\s0 structures is common, for example:
+.PP
+.Vb 2
+\& EVP_MD_CTX mctx;
+\& EVP_MD_CTX_init(&mctx);
+.Ve
+.PP
+This will cause binary compatibility issues if the size of \s-1EVP_MD_CTX\s0
+structure changes (this will only happen with a major release of OpenSSL).
+Applications wishing to avoid this should use \fIEVP_MD_CTX_create()\fR instead:
+.PP
+.Vb 2
+\& EVP_MD_CTX *mctx;
+\& mctx = EVP_MD_CTX_create();
+.Ve
 .SH "EXAMPLE"
 .IX Header "EXAMPLE"
 This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
@@ -321,7 +346,7 @@ digest name passed on the command line.
 \&
 \& main(int argc, char *argv[])
 \& {
-\& EVP_MD_CTX mdctx;
+\& EVP_MD_CTX *mdctx;
 \& const EVP_MD *md;
 \& char mess1[] = "Test Message\en";
 \& char mess2[] = "Hello World\en";
@@ -342,23 +367,18 @@ digest name passed on the command line.
 \&        exit(1);
 \& }
 \&
-\& EVP_MD_CTX_init(&mdctx);
-\& EVP_DigestInit_ex(&mdctx, md, NULL);
-\& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
-\& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
-\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
-\& EVP_MD_CTX_cleanup(&mdctx);
+\& mdctx = EVP_MD_CTX_create();
+\& EVP_DigestInit_ex(mdctx, md, NULL);
+\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+\& EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+\& EVP_MD_CTX_destroy(mdctx);
 \&
 \& printf("Digest is: ");
 \& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
 \& printf("\en");
 \& }
 .Ve
-.SH "BUGS"
-.IX Header "BUGS"
-The link between digests and signing algorithms results in a situation where
-\&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0
-even though they are identical digests.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
@@ -376,3 +396,10 @@ and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7.
 \&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR,
 \&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were
 changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7.
+.PP
+The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
+later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0, there is no need to
+use \fIEVP_dss1()\fR any more.
+.PP
+OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the
+default configuration due to its security weaknesses.
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
new file mode 100644
index 0000000..38ee960
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -0,0 +1,209 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_DigestSignInit 3"
+.TH EVP_DigestSignInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+\&                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
+.PP
+\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
+\&\s-1ENGINE\s0 \fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
+\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
+\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
+be used to set alternative signing options.
+.PP
+\&\fIEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+signature context \fBctx\fR. This function can be called several times on the
+same \fBctx\fR to include additional data. This function is currently implemented
+usig a macro.
+.PP
+\&\fIEVP_DigestSignFinal()\fR signs the data in \fBctx\fR places the signature in \fBsig\fR.
+If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
+the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the
+\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer, if the
+call is successful the signature is written to \fBsig\fR and the amount of data
+written to \fBsiglen\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_DigestSignInit()\fR \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignaFinal()\fR return
+1 for success and 0 or a negative value for failure. In particular a return
+value of \-2 indicates the operation is not supported by the public key
+algorithm.
+.PP
+The error codes can be obtained from \fIERR_get_error\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+.PP
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
+needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and
+the use of clone digest is now discouraged.
+.PP
+For some key types and parameters the random number generator must be seeded
+or the operation will fail.
+.PP
+The call to \fIEVP_DigestSignFinal()\fR internally finalizes a copy of the digest
+context. This means that calls to \fIEVP_DigestSignUpdate()\fR and
+\&\fIEVP_DigestSignFinal()\fR can be called later to digest and sign additional data.
+.PP
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
+will occur.
+.PP
+The use of \fIEVP_PKEY_size()\fR with these functions is discouraged because some
+signature operations may have a signature length which depends on the
+parameters set. As a result \fIEVP_PKEY_size()\fR would have to return a value
+which indicates the maximum possible signature for any set of parameters.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_DigestVerifyInit\fR\|(3),
+\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
+\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
+\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
+\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_DigestSignInit()\fR, \fIEVP_DigestSignUpdate()\fR and \fIEVP_DigestSignFinal()\fR 
+were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
new file mode 100644
index 0000000..af521a6
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -0,0 +1,204 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_DigestVerifyInit 3"
+.TH EVP_DigestVerifyInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signature verification functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+\&                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
+.PP
+\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
+with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
+\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
+can be used to set alternative verification options.
+.PP
+\&\fIEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+verification context \fBctx\fR. This function can be called several times on the
+same \fBctx\fR to include additional data. This function is currently implemented
+using a macro.
+.PP
+\&\fIEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in
+\&\fBsig\fR of length \fBsiglen\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_DigestVerifyInit()\fR and \fIEVP_DigestVerifyUpdate()\fR return 1 for success and 0
+or a negative value for failure. In particular a return value of \-2 indicates
+the operation is not supported by the public key algorithm.
+.PP
+Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only
+indicates that the signature did not not verify successfully (that is tbs did
+not match the original data or the signature was of invalid form) it is not an
+indication of a more serious error.
+.PP
+The error codes can be obtained from \fIERR_get_error\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+.PP
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
+needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and
+the use of clone digest is now discouraged.
+.PP
+For some key types and parameters the random number generator must be seeded
+or the operation will fail.
+.PP
+The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest
+context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can
+be called later to digest and verify additional data.
+.PP
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
+will occur.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_DigestSignInit\fR\|(3),
+\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
+\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
+\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
+\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_DigestVerifyInit()\fR, \fIEVP_DigestVerifyUpdate()\fR and \fIEVP_DigestVerifyFinal()\fR 
+were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index 56c8c23..ec50eaa 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_EncryptInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index b909a2d..a03a2a9 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_OpenInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
new file mode 100644
index 0000000..7502a6e
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -0,0 +1,251 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_CTX_ctrl 3"
+.TH EVP_PKEY_CTX_ctrl 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_ctrl, EVP_PKEY_ctrl_str \- algorithm specific control operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+\&                                int cmd, int p1, void *p2);
+\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+\&                                                const char *value);
+\&
+\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+\&
+\& #include <openssl/rsa.h>
+\&
+\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+\&
+\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+\& int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+\&
+\& #include <openssl/dsa.h>
+\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+\&
+\& #include <openssl/dh.h>
+\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+\&
+\& #include <openssl/ec.h>
+\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fIEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context
+\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter
+\&\fBoptype\fR is a mask indicating which operations the control can be applied to.
+The control command is indicated in \fBcmd\fR and any additional arguments in
+\&\fBp1\fR and \fBp2\fR.
+.PP
+Applications will not normally call \fIEVP_PKEY_CTX_ctrl()\fR directly but will
+instead call one of the algorithm specific macros below.
+.PP
+The function \fIEVP_PKEY_ctrl_str()\fR allows an application to send an algorithm
+specific control operation to a context \fBctx\fR in string form. This is
+intended to be used for options specified on the command line or in text
+files. The commands supported are documented in the openssl utility
+command line pages for the option \fB\-pkeyopt\fR which is supported by the
+\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands.
+.PP
+All the remaining \*(L"functions\*(R" are implemented as macros.
+.PP
+The \fIEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used
+in a signature. It can be used with any public key algorithm supporting
+signature operations.
+.PP
+The macro \fIEVP_PKEY_CTX_set_rsa_padding()\fR sets the \s-1RSA\s0 padding mode for \fBctx\fR.
+The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 padding,
+\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding,
+\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only),
+\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and 
+\&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only).
+.PP
+Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR
+is used. If this macro is called for PKCS#1 padding the plaintext buffer is
+an actual digest value and is encapsulated in a DigestInfo structure according
+to PKCS#1 when signing and this structure is expected (and stripped off) when
+verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the
+supplied data is used directly and not encapsulated. In the case of X9.31
+padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed
+if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.
+.PP
+The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA\s0 \s-1PSS\s0 salt length to
+\&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding.  Two special
+values are supported: \-1 sets the salt length to the digest length. When
+signing \-2 sets the salt length to the maximum permissible value. When
+verifying \-2 causes the salt length to be automatically determined based on the
+\&\fB\s-1PSS\s0\fR block structure. If this macro is not called a salt length value of \-2
+is used by default.
+.PP
+The \fIEVP_PKEY_CTX_set_rsa_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for
+\&\s-1RSA\s0 key genration to \fBbits\fR. If not specified 1024 bits is used.
+.PP
+The \fIEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value
+for \s-1RSA\s0 key generation to \fBpubexp\fR currently it should be an odd integer. The
+\&\fBpubexp\fR pointer is used internally by this function so it should not be 
+modified or free after the call. If this macro is not called then 65537 is used.
+.PP
+The macro \fIEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR sets the number of bits used
+for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used.
+.PP
+The macro \fIEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR sets the length of the \s-1DH\s0
+prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called
+then 1024 is used.
+.PP
+The \fIEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR
+for \s-1DH\s0 parameter generation. If not specified 2 is used.
+.PP
+The \fIEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter
+generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called
+or an error occurs because there is no default curve.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0
+or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3) 
+\&\fIEVP_PKEY_keygen\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
new file mode 100644
index 0000000..ef9c442
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_CTX_new 3"
+.TH EVP_PKEY_CTX_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
+the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR.
+.PP
+The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context
+using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used
+when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
+during parameter generation of key genration for some algorithms.
+.PP
+\&\fIEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR.
+.PP
+\&\fIEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used
+by the OpenSSL high level public key \s-1API\s0. Contexts \fB\s-1MUST\s0 \s-1NOT\s0\fR be shared between
+threads: that is it is not permissible to use the same context simultaneously
+in two threads.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_CTX_new()\fR, \fIEVP_PKEY_CTX_new_id()\fR, \fIEVP_PKEY_CTX_dup()\fR returns either
+the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred.
+.PP
+\&\fIEVP_PKEY_CTX_free()\fR does not return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
new file mode 100644
index 0000000..f762078
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -0,0 +1,184 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_cmp 3"
+.TH EVP_PKEY_cmp 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+\&
+\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key
+parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+.PP
+The function \fIEVP_PKEY_copy_parameters()\fR copies the parameters from key
+\&\fBfrom\fR to key \fBto\fR.
+.PP
+The funcion \fIEVP_PKEY_cmp_parameters()\fR compares the parameters of keys
+\&\fBa\fR and \fBb\fR.
+.PP
+The funcion \fIEVP_PKEY_cmp()\fR compares the public key components and paramters
+(if present) of keys \fBa\fR and \fBb\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The main purpose of the functions \fIEVP_PKEY_missing_parameters()\fR and
+\&\fIEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the
+parameters are sometimes omitted from a public key if they are inherited from
+the \s-1CA\s0 that signed it.
+.PP
+Since OpenSSL private keys contain public key components too the function
+\&\fIEVP_PKEY_cmp()\fR can also be used to determine if a private key matches
+a public key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The function \fIEVP_PKEY_missing_parameters()\fR returns 1 if the public key
+parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+.PP
+These functions \fIEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for
+failure.
+.PP
+The function \fIEVP_PKEY_cmp_parameters()\fR and \fIEVP_PKEY_cmp()\fR return 1 if the
+keys match, 0 if they don't match, \-1 if the key types are different and
+\&\-2 if the operation is not supported.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_keygen\fR\|(3)
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
new file mode 100644
index 0000000..88df6e8
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -0,0 +1,216 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_decrypt 3"
+.TH EVP_PKEY_decrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+\&                        unsigned char *out, size_t *outlen,
+\&                        const unsigned char *in, size_t inlen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for a decryption operation.
+.PP
+The \fIEVP_PKEY_decrypt()\fR function performs a public key decryption operation
+using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and
+\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
+buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
+before the call the \fBoutlen\fR parameter should contain the length of the
+\&\fBout\fR buffer, if the call is successful the decrypted data is written to
+\&\fBout\fR and the amount of data written to \fBoutlen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fIEVP_PKEY_decrypt_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+The function \fIEVP_PKEY_decrypt()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_decrypt_init()\fR and \fIEVP_PKEY_decrypt()\fR return 1 for success and 0
+or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *out, *in;
+\& size_t outlen, inlen; 
+\& EVP_PKEY *key;
+\& /* NB: assumes key in, inlen are already set up
+\&  * and that key is an RSA private key
+\&  */
+\& ctx = EVP_PKEY_CTX_new(key);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_decrypt_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+\&        /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+\&        /* Error */
+\&
+\& out = OPENSSL_malloc(outlen);
+\&
+\& if (!out)
+\&        /* malloc failure */
+\& 
+\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+\&        /* Error */
+\&
+\& /* Decrypted data is outlen bytes written to buffer out */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
new file mode 100644
index 0000000..39bd2ce
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
@@ -0,0 +1,216 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_derive 3"
+.TH EVP_PKEY_derive 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_derive_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for shared secret derivation.
+.PP
+The \fIEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally
+be a public key.
+.PP
+The \fIEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR.
+If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to
+the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the
+\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call
+is successful the shared secret is written to \fBkey\fR and the amount of data
+written to \fBkeylen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fIEVP_PKEY_derive_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+The function \fIEVP_PKEY_derive()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_derive_init()\fR and \fIEVP_PKEY_derive()\fR return 1 for success and 0
+or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys):
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *skey;
+\& size_t skeylen;
+\& EVP_PKEY *pkey, *peerkey;
+\& /* NB: assumes pkey, peerkey have been already set up */
+\&
+\& ctx = EVP_PKEY_CTX_new(pkey);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_derive_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+\&        /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+\&        /* Error */
+\&
+\& skey = OPENSSL_malloc(skeylen);
+\&
+\& if (!skey)
+\&        /* malloc failure */
+\& 
+\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+\&        /* Error */
+\&
+\& /* Shared secret is skey bytes written to buffer skey */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
new file mode 100644
index 0000000..0232c1f
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -0,0 +1,216 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_encrypt 3"
+.TH EVP_PKEY_encrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+\&                        unsigned char *out, size_t *outlen,
+\&                        const unsigned char *in, size_t inlen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for an encryption operation.
+.PP
+The \fIEVP_PKEY_encrypt()\fR function performs a public key encryption operation
+using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and
+\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
+buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then
+before the call the \fBoutlen\fR parameter should contain the length of the
+\&\fBout\fR buffer, if the call is successful the encrypted data is written to
+\&\fBout\fR and the amount of data written to \fBoutlen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fIEVP_PKEY_encrypt_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+The function \fIEVP_PKEY_encrypt()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_encrypt_init()\fR and \fIEVP_PKEY_encrypt()\fR return 1 for success and 0
+or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *out, *in;
+\& size_t outlen, inlen; 
+\& EVP_PKEY *key;
+\& /* NB: assumes key in, inlen are already set up
+\&  * and that key is an RSA public key
+\&  */
+\& ctx = EVP_PKEY_CTX_new(key);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_encrypt_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+\&        /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+\&        /* Error */
+\&
+\& out = OPENSSL_malloc(outlen);
+\&
+\& if (!out)
+\&        /* malloc failure */
+\& 
+\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+\&        /* Error */
+\&
+\& /* Encrypted data is outlen bytes written to buffer out */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
new file mode 100644
index 0000000..dfbe9bd
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
@@ -0,0 +1,163 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_get_default_digest 3"
+.TH EVP_PKEY_get_default_digest 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_get_default_digest_nid \- get default signature digest
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/evp.h>
+\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default
+message digest \s-1NID\s0 for the public key signature operations associated with key
+\&\fBpkey\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The \fIEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest
+is advisory (that is other digests can be used) and 2 if it is mandatory (other
+digests can not be used).  It returns 0 or a negative value for failure. In
+particular a return value of \-2 indicates the operation is not supported by the
+public key algorithm.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+This function was first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
new file mode 100644
index 0000000..a0373f4
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -0,0 +1,288 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_keygen 3"
+.TH EVP_PKEY_keygen 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data \- key and parameter generation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+\&
+\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+\&
+\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+\&
+\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+\&
+\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_keygen_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for a key genration operation.
+.PP
+The \fIEVP_PKEY_keygen()\fR function performs a key generation operation, the 
+generated key is written to \fBppkey\fR.
+.PP
+The functions \fIEVP_PKEY_paramgen_init()\fR and \fIEVP_PKEY_paramgen()\fR are similar
+except parameters are generated.
+.PP
+The function \fIEVP_PKEY_set_cb()\fR sets the key or parameter generation callback
+to \fBcb\fR. The function \fIEVP_PKEY_CTX_get_cb()\fR returns the key or parameter
+generation callback.
+.PP
+The function \fIEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated
+with the generation operation. If \fBidx\fR is \-1 the total number of
+parameters available is returned. Any non negative value returns the value of
+that parameter. \fIEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for
+\&\fBidx\fR should only be called within the generation callback.
+.PP
+If the callback returns 0 then the key genration operation is aborted and an
+error occurs. This might occur during a time consuming operation where
+a user clicks on a \*(L"cancel\*(R" button.
+.PP
+The functions \fIEVP_PKEY_CTX_set_app_data()\fR and \fIEVP_PKEY_CTX_get_app_data()\fR set
+and retrieve an opaque pointer. This can be used to set some application
+defined value which can be retrieved in the callback: for example a handle
+which is used to update a \*(L"progress dialog\*(R".
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fIEVP_PKEY_keygen_init()\fR or \fIEVP_PKEY_paramgen_init()\fR algorithm
+specific control operations can be performed to set any appropriate parameters
+for the operation.
+.PP
+The functions \fIEVP_PKEY_keygen()\fR and \fIEVP_PKEY_paramgen()\fR can be called more than
+once on the same context if several operations are performed using the same
+parameters.
+.PP
+The meaning of the parameters passed to the callback will depend on the
+algorithm and the specifiic implementation of the algorithm. Some might not
+give any useful information at all during key or parameter generation. Others
+might not even call the callback.
+.PP
+The operation performed by key or parameter generation depends on the algorithm
+used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R"
+option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure.
+.PP
+In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the
+public key components and parameters (if any). An OpenSSL private key is
+equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used
+in functions which require the use of a public key or parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_keygen_init()\fR, \fIEVP_PKEY_paramgen_init()\fR, \fIEVP_PKEY_keygen()\fR and
+\&\fIEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure.
+In particular a return value of \-2 indicates the operation is not supported by
+the public key algorithm.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Generate a 2048 bit \s-1RSA\s0 key:
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& EVP_PKEY *pkey = NULL;
+\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_keygen_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+\&        /* Error */
+\&
+\& /* Generate key */
+\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+\&        /* Error */
+.Ve
+.PP
+Generate a key from a set of parameters:
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& EVP_PKEY *pkey = NULL, *param;
+\& /* Assumed param is set up already */
+\& ctx = EVP_PKEY_CTX_new(param);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_keygen_init(ctx) <= 0)
+\&        /* Error */
+\&
+\& /* Generate key */
+\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+\&        /* Error */
+.Ve
+.PP
+Example of generation callback for OpenSSL public key implementations:
+.PP
+.Vb 1
+\& /* Application data is a BIO to output status to */
+\&
+\& EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+\&
+\& static int genpkey_cb(EVP_PKEY_CTX *ctx)
+\&        {
+\&        char c=\*(Aq*\*(Aq;
+\&        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+\&        int p;
+\&        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+\&        if (p == 0) c=\*(Aq.\*(Aq;
+\&        if (p == 1) c=\*(Aq+\*(Aq;
+\&        if (p == 2) c=\*(Aq*\*(Aq;
+\&        if (p == 3) c=\*(Aq\en\*(Aq;
+\&        BIO_write(b,&c,1);
+\&        (void)BIO_flush(b);
+\&        return 1;
+\&        }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
index 7828f4e..deb2d33 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_PKEY_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
new file mode 100644
index 0000000..b7d1605
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_print_private 3"
+.TH EVP_PKEY_print_private 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+\&                                int indent, ASN1_PCTX *pctx);
+\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+\&                                int indent, ASN1_PCTX *pctx);
+\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+\&                                int indent, ASN1_PCTX *pctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and
+\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components
+of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable
+form. The parameter \fBindent\fR indicated how far the printout should be indented.
+.PP
+The \fBpctx\fR parameter allows the print output to be finely tuned by using
+\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will
+be used.
+.SH "NOTES"
+.IX Header "NOTES"
+Currently no public key algorithms include any options in the \fBpctx\fR parameter 
+parameter.
+.PP
+If the key does not include all the components indicated by the function then
+only those contained in the key will be printed. For example passing a public
+key to \fIEVP_PKEY_print_private()\fR will only print the public components.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+These functions all return 1 for success and 0 or a negative value for failure.
+In particular a return value of \-2 indicates the operation is not supported by
+the public key algorithm.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_keygen\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index f072b5b..57ed50f 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_PKEY_set1_RSA 3"
-.TH EVP_PKEY_set1_RSA 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_PKEY_set1_RSA 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
new file mode 100644
index 0000000..65b4f74
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -0,0 +1,218 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_sign 3"
+.TH EVP_PKEY_sign 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+\&                        unsigned char *sig, size_t *siglen,
+\&                        const unsigned char *tbs, size_t tbslen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_sign_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for a signing operation.
+.PP
+The \fIEVP_PKEY_sign()\fR function performs a public key signing operation
+using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and
+\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
+buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then
+before the call the \fBsiglen\fR parameter should contain the length of the
+\&\fBsig\fR buffer, if the call is successful the signature is written to
+\&\fBsig\fR and the amount of data written to \fBsiglen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+The function \fIEVP_PKEY_sign()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_sign_init()\fR and \fIEVP_PKEY_sign()\fR return 1 for success and 0
+or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest:
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *md, *sig;
+\& size_t mdlen, siglen; 
+\& EVP_PKEY *signing_key;
+\& /* NB: assumes signing_key, md and mdlen are already set up
+\&  * and that signing_key is an RSA private key
+\&  */
+\& ctx = EVP_PKEY_CTX_new(signing_key);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_sign_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+\&        /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+\&        /* Error */
+\&
+\& sig = OPENSSL_malloc(siglen);
+\&
+\& if (!sig)
+\&        /* malloc failure */
+\& 
+\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+\&        /* Error */
+\&
+\& /* Signature is siglen bytes written to buffer sig */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
new file mode 100644
index 0000000..ecb9f4a
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -0,0 +1,214 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_verify 3"
+.TH EVP_PKEY_verify 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+\&                        const unsigned char *sig, size_t siglen,
+\&                        const unsigned char *tbs, size_t tbslen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_verify_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for a signature verification operation.
+.PP
+The \fIEVP_PKEY_verify()\fR function performs a public key verification operation
+using \fBctx\fR. The signature is specified using the \fBsig\fR and
+\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally
+signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters.
+.SH "NOTES"
+.IX Header "NOTES"
+After the call to \fIEVP_PKEY_verify_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+The function \fIEVP_PKEY_verify()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_verify_init()\fR and \fIEVP_PKEY_verify()\fR return 1 if the verification was
+successful and 0 if it failed. Unlike other functions the return value 0 from
+\&\fIEVP_PKEY_verify()\fR only indicates that the signature did not not verify
+successfully (that is tbs did not match the original data or the signature was
+of invalid form) it is not an indication of a more serious error.
+.PP
+A negative value indicates an error other that signature verification failure.
+In particular a return value of \-2 indicates the operation is not supported by
+the public key algorithm.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Verify signature using PKCS#1 and \s-1SHA256\s0 digest:
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *md, *sig;
+\& size_t mdlen, siglen; 
+\& EVP_PKEY *verify_key;
+\& /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+\&  * and that verify_key is an RSA public key
+\&  */
+\& ctx = EVP_PKEY_CTX_new(verify_key);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_verify_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+\&        /* Error */
+\&
+\& /* Perform operation */
+\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
+\&
+\& /* ret == 1 indicates success, 0 verify failure and < 0 for some
+\&  * other error.
+\&  */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verifyrecover\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3
new file mode 100644
index 0000000..2b8238d
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verifyrecover.3
@@ -0,0 +1,226 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_verifyrecover 3"
+.TH EVP_PKEY_verifyrecover 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover \- recover signature using a public key algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx);
+\& int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx,
+\&                        unsigned char *rout, size_t *routlen,
+\&                        const unsigned char *sig, size_t siglen);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_verifyrecover_init()\fR function initializes a public key algorithm
+context using key \fBpkey\fR for a verify recover operation.
+.PP
+The \fIEVP_PKEY_verifyrecover()\fR function recovers signed data
+using \fBctx\fR. The signature is specified using the \fBsig\fR and
+\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output
+buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then
+before the call the \fBroutlen\fR parameter should contain the length of the
+\&\fBrout\fR buffer, if the call is successful recovered data is written to
+\&\fBrout\fR and the amount of data written to \fBroutlen\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Normally an application is only interested in whether a signature verification
+operation is successful in those cases the \fIEVP_verify()\fR function should be 
+used.
+.PP
+Sometimes however it is useful to obtain the data originally signed using a
+signing operation. Only certain public key algorithms can recover a signature
+in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode).
+.PP
+After the call to \fIEVP_PKEY_verifyrecover_init()\fR algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+.PP
+The function \fIEVP_PKEY_verifyrecover()\fR can be called more than once on the same
+context if several operations are performed using the same parameters.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_verifyrecover_init()\fR and \fIEVP_PKEY_verifyrecover()\fR return 1 for success
+and 0 or a negative value for failure. In particular a return value of \-2
+indicates the operation is not supported by the public key algorithm.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest:
+.PP
+.Vb 2
+\& #include <openssl/evp.h>
+\& #include <openssl/rsa.h>
+\&
+\& EVP_PKEY_CTX *ctx;
+\& unsigned char *rout, *sig;
+\& size_t routlen, siglen; 
+\& EVP_PKEY *verify_key;
+\& /* NB: assumes verify_key, sig and siglen are already set up
+\&  * and that verify_key is an RSA public key
+\&  */
+\& ctx = EVP_PKEY_CTX_new(verify_key);
+\& if (!ctx)
+\&        /* Error occurred */
+\& if (EVP_PKEY_verifyrecover_init(ctx) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+\&        /* Error */
+\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+\&        /* Error */
+\&
+\& /* Determine buffer length */
+\& if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0)
+\&        /* Error */
+\&
+\& rout = OPENSSL_malloc(routlen);
+\&
+\& if (!rout)
+\&        /* malloc failure */
+\& 
+\& if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0)
+\&        /* Error */
+\&
+\& /* Recovered data is routlen bytes written to buffer rout */
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_CTX_new\fR\|(3),
+\&\fIEVP_PKEY_encrypt\fR\|(3),
+\&\fIEVP_PKEY_decrypt\fR\|(3),
+\&\fIEVP_PKEY_sign\fR\|(3),
+\&\fIEVP_PKEY_verify\fR\|(3),
+\&\fIEVP_PKEY_derive\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions were first added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
index 2301212..eb1266e 100644
--- a/secure/lib/libcrypto/man/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_SealInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
index 97044c4..95b5512 100644
--- a/secure/lib/libcrypto/man/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_SignInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -201,6 +201,15 @@ will occur.
 .IX Header "BUGS"
 Older versions of this documentation wrongly stated that calls to 
 \&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR.
+.PP
+Since the private key is passed in the call to \fIEVP_SignFinal()\fR any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through \fIEVP_SignUpdate()\fR.
+.PP
+It is not possible to change the signing parameters using these function.
+.PP
+The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIEVP_VerifyInit\fR\|(3),
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
index 3b0160c..3c2b874 100644
--- a/secure/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH EVP_VerifyInit 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -191,6 +191,15 @@ will occur.
 .IX Header "BUGS"
 Older versions of this documentation wrongly stated that calls to 
 \&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR.
+.PP
+Since the public key is passed in the call to \fIEVP_SignFinal()\fR any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through \fIEVP_SignUpdate()\fR.
+.PP
+It is not possible to change the signing parameters using these function.
+.PP
+The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIevp\fR\|(3),
diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3
index ed23da2..54ef54d 100644
--- a/secure/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OBJ_nid2obj 3"
-.TH OBJ_nid2obj 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OBJ_nid2obj 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3
index 6ae7e31..6ba9ada 100644
--- a/secure/lib/libcrypto/man/OPENSSL_Applink.3
+++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_Applink 3"
-.TH OPENSSL_Applink 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OPENSSL_Applink 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
index bbf0a5f..2bda1f7 100644
--- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3
index 47fc966..6141ae1 100644
--- a/secure/lib/libcrypto/man/OPENSSL_config.3
+++ b/secure/lib/libcrypto/man/OPENSSL_config.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_config 3"
-.TH OPENSSL_config 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OPENSSL_config 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
index c8bacb9..df208bd 100644
--- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
+++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_ia32cap 3"
-.TH OPENSSL_ia32cap 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OPENSSL_ia32cap 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
index 200a8e6..44e2b22 100644
--- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL_load_builtin_modules 3"
-.TH OPENSSL_load_builtin_modules 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OPENSSL_load_builtin_modules 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index 5533385..db72ea3 100644
--- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
new file mode 100644
index 0000000..40258aa
--- /dev/null
+++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
@@ -0,0 +1,165 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PEM_write_bio_CMS_stream 3"
+.TH PEM_write_bio_CMS_stream 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/cms.h>
+\& #include <openssl/pem.h>
+\&
+\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format.
+.PP
+It is otherwise identical to the function \fISMIME_write_CMS()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+This function is effectively a version of the \fIPEM_write_bio_CMS()\fR supporting
+streaming.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
+\&\fICMS_decrypt\fR\|(3),
+\&\fISMIME_write_CMS\fR\|(3),
+\&\fIi2d_CMS_bio_stream\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPEM_write_bio_CMS_stream()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
new file mode 100644
index 0000000..ecd201f
--- /dev/null
+++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
@@ -0,0 +1,163 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PEM_write_bio_PKCS7_stream 3"
+.TH PEM_write_bio_PKCS7_stream 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/pkcs7.h>
+\& #include <openssl/pem.h>
+\&
+\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format.
+.PP
+It is otherwise identical to the function \fISMIME_write_PKCS7()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+This function is effectively a version of the \fIPEM_write_bio_PKCS7()\fR supporting
+streaming.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
+\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
+\&\fIPKCS7_decrypt\fR\|(3),
+\&\fISMIME_write_PKCS7\fR\|(3),
+\&\fIi2d_PKCS7_bio_stream\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPEM_write_bio_PKCS7_stream()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3
index b9b45b3..cf783d0 100644
--- a/secure/lib/libcrypto/man/PKCS12_create.3
+++ b/secure/lib/libcrypto/man/PKCS12_create.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_create 3"
-.TH PKCS12_create 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH PKCS12_create 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3
index 346bb7e..ab296e1 100644
--- a/secure/lib/libcrypto/man/PKCS12_parse.3
+++ b/secure/lib/libcrypto/man/PKCS12_parse.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_parse 3"
-.TH PKCS12_parse 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH PKCS12_parse 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3
index 51ec943..6632a4c3 100644
--- a/secure/lib/libcrypto/man/PKCS7_decrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_decrypt 3"
-.TH PKCS7_decrypt 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH PKCS7_decrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3
index 1ded608..5c7d7d8 100644
--- a/secure/lib/libcrypto/man/PKCS7_encrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_encrypt 3"
-.TH PKCS7_encrypt 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH PKCS7_encrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,44 +145,57 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted.
 \&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
 .SH "NOTES"
 .IX Header "NOTES"
-Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates
-supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to
-be signed using the \s-1RSA\s0 algorithm.
+Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient
+certificates supplied to this function must all contain \s-1RSA\s0 public keys, though
+they do not have to be signed using the \s-1RSA\s0 algorithm.
 .PP
-\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because
-most clients will support it.
+\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
+because most clients will support it.
 .PP
-Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit
-\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively.
+Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64
+bit \s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR
+respectively.
 .PP
-The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its
-parameters.
+The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
+its parameters.
 .PP
-Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME 
+Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
 by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
 \&\fIPKCS7_encrypt()\fR.
 .PP
 The following flags can be passed in the \fBflags\fR parameter.
 .PP
-If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
-to the data.
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are
+prepended to the data.
 .PP
-Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
-by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored.
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
+required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then
+\&\fB\s-1PKCS7_TEXT\s0\fR is ignored.
+.PP
+If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output
+suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
+complete and outputting its contents via a function that does not
+properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable 
+results.
+.PP
+Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
+\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+\&\fIBIO_new_PKCS7()\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
+\&\fIPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
 The error can be obtained from \fIERR_get_error\fR\|(3).
-.SH "BUGS"
-.IX Header "BUGS"
-The lack of single pass processing and need to hold all data in memory as
-mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 \&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
+The \fB\s-1PKCS7_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
index 4a74d95..6a32613 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH PKCS7_sign 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -140,78 +140,89 @@ PKCS7_sign \- create a PKCS#7 signedData structure
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR
-is the certificate to sign with, \fBpkey\fR is the corresponsding private key.
-\&\fBcerts\fR is an optional additional set of certificates to include in the
-PKCS#7 structure (for example any intermediate CAs in the chain).
+\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is
+the certificate to sign with, \fBpkey\fR is the corresponsding private key.
+\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7
+structure (for example any intermediate CAs in the chain).
 .PP
 The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
 .PP
 \&\fBflags\fR is an optional set of flags.
 .SH "NOTES"
 .IX Header "NOTES"
-Any of the following flags (ored together) can be passed in the \fBflags\fR parameter.
+Any of the following flags (ored together) can be passed in the \fBflags\fR
+parameter.
 .PP
 Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
 the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
 to the data.
 .PP
 If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
-\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR
-parameter though. This can reduce the size of the signature if the signers certificate
-can be obtained by other means: for example a previously signed message.
+\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the
+\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
 .PP
-The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR 
-is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures
-which are used in S/MIME plaintext signed messages for example.
+The data being signed is included in the \s-1PKCS7\s0 structure, unless
+\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0
+detached signatures which are used in S/MIME plaintext signed messages for
+example.
 .PP
-Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
-by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it.
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as
+required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
 .PP
-The signedData structure includes several PKCS#7 autenticatedAttributes including
-the signing time, the PKCS#7 content type and the supported list of ciphers in
-an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes
-will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
-omitted.
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no
+authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just
+the SMIMECapabilities are omitted.
 .PP
 If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any
-of these algorithms is disabled then it will not be included.
-.PP
-If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure
-is just initialized ready to perform the signing operation. The signing
-is however \fBnot\fR performed and the data to be signed is not read from
-the \fBdata\fR parameter. Signing is deferred until after the data has been
-written. In this way data can be signed in a single pass. Currently the
-flag \fB\s-1PKCS7_DETACHED\s0\fR \fBmust\fR also be set.
+algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of
+these algorithms is disabled then it will not be included.
+.PP
+If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is
+just initialized ready to perform the signing operation. The signing is however
+\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR
+parameter. Signing is deferred until after the data has been written. In this
+way data can be signed in a single pass.
+.PP
+If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to
+which additional signers and capabilities can be added before finalization.
 .SH "NOTES"
 .IX Header "NOTES"
-Currently the flag \fB\s-1PKCS7_PARTSIGN\s0\fR is only supported for detached
-data. If this flag is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
-complete and outputting its contents via a function that does not
-properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable 
-results.
-.PP
-At present only the \fISMIME_write_PKCS7()\fR function properly finalizes the
-structure.
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some
-advanced attributes such as counter signatures are not supported.
+If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
+complete and outputting its contents via a function that does not properly
+finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
+.PP
+Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
+\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+\&\fIBIO_new_PKCS7()\fR.
 .PP
-The \s-1SHA1\s0 digest algorithm is currently always used.
+If a signer is specified it will use the default digest for the signing
+algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys.
 .PP
-When the signed data is not detached it will be stored in memory within the
-\&\fB\s-1PKCS7\s0\fR structure. This effectively limits the size of messages which can be
-signed due to memory restraints. There should be a way to sign data without
-having to hold it all in memory, this would however require fairly major
-revisions of the OpenSSL \s-1ASN1\s0 code.
+In OpenSSL 1.0.0 the \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be
+\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added
+using the function \fB\f(BIPKCS7_sign_add_signer()\fB\fR. \fB\f(BIPKCS7_final()\fB\fR must also be
+called to finalize the structure if streaming is not enabled. Alternative
+signing digests can also be specified using this method.
+.PP
+In OpenSSL 1.0.0 if \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only
+PKCS#7 structure is output.
+.PP
+In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must
+\&\fB\s-1NOT\s0\fR be \s-1NULL\s0.
+.SH "BUGS"
+.IX Header "BUGS"
+Some advanced attributes such as counter signatures are not supported.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
-The error can be obtained from \fIERR_get_error\fR\|(3).
+\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error
+occurred.  The error can be obtained from \fIERR_get_error\fR\|(3).
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3)
@@ -219,4 +230,6 @@ The error can be obtained from \fIERR_get_error\fR\|(3).
 .IX Header "HISTORY"
 \&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5
 .PP
-The \fB\s-1PKCS7_PARTSIGN\s0\fR flag was added in OpenSSL 0.9.8
+The \fB\s-1PKCS7_PARTIAL\s0\fR flag was added in OpenSSL 1.0.0
+.PP
+The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
new file mode 100644
index 0000000..3d19eb3
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7_sign_add_signer 3"
+.TH PKCS7_sign_add_signer 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private
+key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure
+\&\fBp7\fR.
+.PP
+The \s-1PKCS7\s0 structure should be obtained from an initial call to \fIPKCS7_sign()\fR
+with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0
+signed data structure.
+.PP
+If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
+key algorithm will be used.
+.PP
+Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure
+is not complete and must be finalized either by streaming (if applicable) or
+a call to \fIPKCS7_final()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The main purpose of this function is to provide finer control over a PKCS#7
+signed data structure where the simpler \fIPKCS7_sign()\fR function defaults are
+not appropriate. For example if multiple signers or non default digest
+algorithms are needed.
+.PP
+Any of the following flags (ored together) can be passed in the \fBflags\fR
+parameter.
+.PP
+If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content
+digest value from the \s-1PKCS7\s0 struture: to add a signer to an existing structure.
+An error occurs if a matching digest value cannot be found to copy. The
+returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set.
+.PP
+If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the 
+\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes
+can be added. In this case an explicit call to \fIPKCS7_SIGNER_INFO_sign()\fR is
+needed to finalize it.
+.PP
+If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
+\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the
+\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+.PP
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no
+authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just
+the SMIMECapabilities are omitted.
+.PP
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of
+these algorithms is disabled then it will not be included.
+.PP
+\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
+structure just added, this can be used to set additional attributes 
+before it is finalized.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
+structure just added or \s-1NULL\s0 if an error occurs.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
+\&\fIPKCS7_final\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPPKCS7_sign_add_signer()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3
index f8825e9..e66a225 100644
--- a/secure/lib/libcrypto/man/PKCS7_verify.3
+++ b/secure/lib/libcrypto/man/PKCS7_verify.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH PKCS7_verify 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
index 0cfc3e9..ae36391 100644
--- a/secure/lib/libcrypto/man/RAND_add.3
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_add 3"
-.TH RAND_add 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RAND_add 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index 94de1d0..1105736 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RAND_bytes 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
index a2478fc..f73ab06 100644
--- a/secure/lib/libcrypto/man/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RAND_cleanup 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
index 810ff25..a2ae6c5 100644
--- a/secure/lib/libcrypto/man/RAND_egd.3
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_egd 3"
-.TH RAND_egd 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RAND_egd 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
index 7f070d8..ad6e637 100644
--- a/secure/lib/libcrypto/man/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RAND_load_file 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
index 28f368c..c1db261 100644
--- a/secure/lib/libcrypto/man/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RAND_set_rand_method 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
index 97a6fa4..6e513d9 100644
--- a/secure/lib/libcrypto/man/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_blinding_on 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index a43391e..22d8e36 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_check_key 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
index 1ceb537..ec31ef3 100644
--- a/secure/lib/libcrypto/man/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_generate_key 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
index 3496e8e..9f9c8a6 100644
--- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
index 5b3a0c65..33e9403 100644
--- a/secure/lib/libcrypto/man/RSA_new.3
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_new 3"
-.TH RSA_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
index 26c558a..35a5617 100644
--- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
index df154d0..214f82b 100644
--- a/secure/lib/libcrypto/man/RSA_print.3
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_print 3"
-.TH RSA_print 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_print 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
index 520476a..829d72e 100644
--- a/secure/lib/libcrypto/man/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_private_encrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
index b0c617c9..ef959d4 100644
--- a/secure/lib/libcrypto/man/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_public_encrypt 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
index a3e6f76..7c817fa 100644
--- a/secure/lib/libcrypto/man/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_set_method 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
index 254b925..f3a53fc 100644
--- a/secure/lib/libcrypto/man/RSA_sign.3
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_sign 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
index 50b2f88..54a212b 100644
--- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
index 1a911cc..58e421a 100644
--- a/secure/lib/libcrypto/man/RSA_size.3
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "RSA_size 3"
-.TH RSA_size 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH RSA_size 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3
new file mode 100644
index 0000000..5189923
--- /dev/null
+++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3
@@ -0,0 +1,195 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SMIME_read_CMS 3"
+.TH SMIME_read_CMS 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& SMIME_read_CMS \- parse S/MIME message.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISMIME_read_CMS()\fR parses a message in S/MIME format.
+.PP
+\&\fBin\fR is a \s-1BIO\s0 to read the message from.
+.PP
+If cleartext signing is used then the content is saved in a memory bio which is
+written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL\s0.
+.PP
+The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an
+error occurred.
+.SH "NOTES"
+.IX Header "NOTES"
+If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can
+then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set.
+.PP
+Otherwise the type of the returned structure can be determined
+using \fICMS_get0_type()\fR.
+.PP
+To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be
+initialized to \s-1NULL\s0. For example:
+.PP
+.Vb 2
+\& BIO *cont = NULL;
+\& CMS_ContentInfo *cms;
+\&
+\& cms = SMIME_read_CMS(in, &cont);
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The \s-1MIME\s0 parser used by \fISMIME_read_CMS()\fR is somewhat primitive.  While it will
+handle most S/MIME messages more complex compound formats may not work.
+.PP
+The parser assumes that the CMS_ContentInfo structure is always base64 encoded
+and will not handle the case where it is in binary format or uses quoted
+printable format.
+.PP
+The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message
+which can be processed due to memory restraints: a streaming single pass option
+should be available.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR
+if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_type\fR\|(3)
+\&\fISMIME_read_CMS\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
+\&\fICMS_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISMIME_read_CMS()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
index dded934..80486e8 100644
--- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME_read_PKCS7 3"
-.TH SMIME_read_PKCS7 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH SMIME_read_PKCS7 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3
new file mode 100644
index 0000000..fd2930f
--- /dev/null
+++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3
@@ -0,0 +1,187 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SMIME_write_CMS 3"
+.TH SMIME_write_CMS 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& SMIME_write_CMS \- convert CMS structure to S/MIME format.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0
+structure to produce an S/MIME message.
+.PP
+\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate
+\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be
+supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only
+makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fICMS_sign()\fR is
+called.
+.PP
+If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to
+the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set.
+.PP
+If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only
+be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo
+creation function.
+.PP
+If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must
+be read twice: once to compute the signature in \fICMS_sign()\fR and once to output
+the S/MIME message.
+.PP
+If streaming is performed the content is output in \s-1BER\s0 format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and \s-1DER\s0 format is used.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fISMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an
+option to disable this.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISMIME_write_CMS()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
+\&\fICMS_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISMIME_write_CMS()\fR was added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
index 86935e3..f65d0fc 100644
--- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH SMIME_write_PKCS7 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,10 +143,9 @@ SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
 \&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7
 structure to produce an S/MIME message.
 .PP
-\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate
-\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is
-being used then the signed data must be supplied in the \fBdata\fR 
-argument. \fBflags\fR is an optional set of flags.
+\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR
+structure. If streaming is enabled then the content must be supplied in the
+\&\fBdata\fR argument. \fBflags\fR is an optional set of flags.
 .SH "NOTES"
 .IX Header "NOTES"
 The following flags can be passed in the \fBflags\fR parameter.
@@ -159,14 +158,17 @@ If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/
 are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR
 is also set.
 .PP
-If the \fB\s-1PKCS7_PARTSIGN\s0\fR flag is set the signed data is finalized
-and output along with the content. This flag should only be set
-if \fB\s-1PKCS7_DETACHED\s0\fR is also set and the previous call to \fIPKCS7_sign()\fR
-also set these flags.
+If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should
+only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to
+\&\fIPKCS7_sign()\fR or \fB\f(BIPKCS7_encrypt()\fB\fR.
 .PP
-If cleartext signing is being used and \fB\s-1PKCS7_PARTSIGN\s0\fR not set then
+If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then
 the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR
 and once to output the S/MIME message.
+.PP
+If streaming is performed the content is output in \s-1BER\s0 format using indefinite
+length constructuted encoding except in the case of signed data with detached
+content where the content is absent and \s-1DER\s0 format is used.
 .SH "BUGS"
 .IX Header "BUGS"
 \&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there
diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index 91ecb4d..2232689 100644
--- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_ENTRY_get_object 3"
-.TH X509_NAME_ENTRY_get_object 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH X509_NAME_ENTRY_get_object 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index c355a6f..03aac71 100644
--- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_add_entry_by_txt 3"
-.TH X509_NAME_add_entry_by_txt 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH X509_NAME_add_entry_by_txt 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index ff673b5..85c8d37 100644
--- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_get_index_by_NID 3"
-.TH X509_NAME_get_index_by_NID 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH X509_NAME_get_index_by_NID 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
index 99f0c51..961836e 100644
--- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_NAME_print_ex 3"
-.TH X509_NAME_print_ex 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH X509_NAME_print_ex 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
new file mode 100644
index 0000000..5cb5977
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -0,0 +1,385 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_STORE_CTX_get_error 3"
+.TH X509_STORE_CTX_get_error 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/x509.h>
+\& #include <openssl/x509_vfy.h>
+\&
+\& int    X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+\& void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+\& int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+\& X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+\&
+\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+\&
+\& const char *X509_verify_cert_error_string(long n);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions are typically called after \fIX509_verify_cert()\fR has indicated
+an error or in a verification callback to determine the nature of an error.
+.PP
+\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see
+the \fB\s-1ERROR\s0 \s-1CODES\s0\fR section for a full description of all error codes.
+.PP
+\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example
+it might be used in a verification callback to set an error based on additional
+checks.
+.PP
+\&\fIX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a
+non-negative integer representing where in the certificate chain the error
+occurred. If it is zero it occured in the end entity certificate, one if
+it is the certificate which signed the end entity certificate and so on.
+.PP
+\&\fIX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which
+caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant.
+.PP
+\&\fIX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous
+call to \fIX509_verify_cert()\fR is successful. If the call to \fIX509_verify_cert()\fR
+is \fBnot\fR successful the returned chain may be incomplete or invalid. The
+returned chain persists after the \fBctx\fR structure is freed, when it is
+no longer needed it should be free up using:
+.PP
+.Vb 1
+\&  sk_X509_pop_free(chain, X509_free);
+.Ve
+.PP
+\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for
+verification error \fBn\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code.
+.PP
+\&\fIX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth.
+.PP
+\&\fIX509_STORE_CTX_get_current_cert()\fR returns the cerificate which caused the
+error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error.
+.PP
+\&\fIX509_verify_cert_error_string()\fR returns a human readable error string for
+verification error \fBn\fR.
+.SH "ERROR CODES"
+.IX Header "ERROR CODES"
+A list of error codes and messages is shown below.  Some of the
+error codes are defined but currently never returned: these are described as
+\&\*(L"unused\*(R".
+.IP "\fBX509_V_OK: ok\fR" 4
+.IX Item "X509_V_OK: ok"
+the operation was successful.
+.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate"
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL"
+the \s-1CRL\s0 of a certificate could not be found.
+.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature"
+the certificate signature could not be decrypted. This means that the actual
+signature value could not be determined rather than it not matching the
+expected value, this is only meaningful for \s-1RSA\s0 keys.
+.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature"
+the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature
+value could not be determined rather than it not matching the expected value.
+Unused.
+.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key"
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4
+.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure"
+the signature of the certificate is invalid.
+.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4
+.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure"
+the signature of the certificate is invalid.
+.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4
+.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid"
+the certificate is not yet valid: the notBefore date is after the current time.
+.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4
+.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired"
+the certificate has expired: that is the notAfter date is before the current time.
+.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4
+.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid"
+the \s-1CRL\s0 is not yet valid.
+.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4
+.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired"
+the \s-1CRL\s0 has expired.
+.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4
+.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field"
+the certificate notBefore field contains an invalid time.
+.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4
+.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field"
+the certificate notAfter field contains an invalid time.
+.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4
+.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field"
+the \s-1CRL\s0 lastUpdate field contains an invalid time.
+.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4
+.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field"
+the \s-1CRL\s0 nextUpdate field contains an invalid time.
+.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4
+.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory"
+an error occurred trying to allocate memory. This should never happen.
+.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4
+.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate"
+the passed certificate is self signed and the same certificate cannot be found
+in the list of trusted certificates.
+.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4
+.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain"
+the certificate chain could be built up using the untrusted certificates but
+the root could not be found locally.
+.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate"
+the issuer certificate of a locally looked up certificate could not be found.
+This normally means the list of trusted certificates is not complete.
+.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4
+.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate"
+no signatures could be verified because the chain contains only one certificate
+and it is not self signed.
+.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4
+.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long"
+the certificate chain length is greater than the supplied maximum depth. Unused.
+.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4
+.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked"
+the certificate has been revoked.
+.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
+.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate"
+a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not
+consistent with the supplied purpose.
+.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4
+.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded"
+the basicConstraints pathlength parameter has been exceeded.
+.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4
+.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose"
+the supplied certificate cannot be used for the specified purpose.
+.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4
+.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted"
+the root \s-1CA\s0 is not marked as trusted for the specified purpose.
+.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4
+.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected"
+the root \s-1CA\s0 is marked to reject the specified purpose.
+.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4
+.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch"
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. This is only set
+if issuer check debugging is enabled it is used for status notification and
+is \fBnot\fR in itself an error.
+.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4
+.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch"
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. This is only set if issuer check debugging is enabled it is used
+for status notification and is \fBnot\fR in itself an error.
+.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4
+.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch"
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier of
+the current certificate. This is only set if issuer check debugging is enabled
+it is used for status notification and is \fBnot\fR in itself an error.
+.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4
+.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing"
+the current candidate issuer certificate was rejected because its keyUsage
+extension does not permit certificate signing. This is only set if issuer check
+debugging is enabled it is used for status notification and is \fBnot\fR in itself
+an error.
+.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4
+.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension"
+A certificate extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions.
+.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4
+.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension"
+A certificate policies extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions. This error only
+occurs if policy processing is enabled.
+.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4
+.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy"
+The verification flags were set to require and explicit policy but none was
+present.
+.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4
+.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope"
+The only CRLs that could be found did not match the scope of the certificate.
+.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4
+.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature"
+Some feature of a certificate extension is not supported. Unused.
+.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4
+.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation"
+A name constraint violation occured in the permitted subtrees.
+.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4
+.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation"
+A name constraint violation occured in the excluded subtrees.
+.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4
+.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported"
+A certificate name constraints extension included a minimum or maximum field:
+this is not supported.
+.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4
+.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type"
+An unsupported name constraint type was encountered. OpenSSL currently only
+supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types.
+.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4
+.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax"
+The format of the name constraint is not recognised: for example an email
+address format of a form not mentioned in \s-1RFC3280\s0. This could be caused by
+a garbage extension or some new feature not currently supported.
+.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4
+.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error"
+An error occured when attempting to verify the \s-1CRL\s0 path. This error can only
+happen if extended \s-1CRL\s0 checking is enabled.
+.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4
+.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure"
+an application specific error. This will never be returned unless explicitly
+set by an application.
+.SH "NOTES"
+.IX Header "NOTES"
+The above functions should be used instead of directly referencing the fields
+in the \fBX509_VERIFY_CTX\fR structure.
+.PP
+In versions of OpenSSL before 1.0 the current certificate returned by
+\&\fIX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should
+check the return value before printing out any debugging information relating
+to the current certificate.
+.PP
+If an unrecognised error code is passed to \fIX509_verify_cert_error_string()\fR the
+numerical value of the unknown code is returned in a static buffer. This is not
+thread safe but will never happen unless an invalid code is passed.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_verify_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 281:" 4
+.IX Item "Around line 281:"
+You forgot a '=back' before '=head1'
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
new file mode 100644
index 0000000..36dbf3d
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
@@ -0,0 +1,164 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_STORE_CTX_get_ex_new_index 3"
+.TH X509_STORE_CTX_get_ex_new_index 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data \- add application specific data to X509_STORE_CTX structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509_vfy.h>
+\&
+\& int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+\&                CRYPTO_EX_new *new_func,
+\&                CRYPTO_EX_dup *dup_func,
+\&                CRYPTO_EX_free *free_func);
+\&
+\& int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
+\&
+\& char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions handle application specific data in X509_STORE_CTX structures.
+Their usage is identical to that of \fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR
+and \fIRSA_get_ex_data()\fR as described in \fIRSA_get_ex_new_index\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+This mechanism is used internally by the \fBssl\fR library to store the \fB\s-1SSL\s0\fR
+structure associated with a verification operation in an \fBX509_STORE_CTX\fR
+structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRSA_get_ex_new_index\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIX509_STORE_CTX_get_ex_new_index()\fR, \fIX509_STORE_CTX_set_ex_data()\fR and
+\&\fIX509_STORE_CTX_get_ex_data()\fR are available since OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
new file mode 100644
index 0000000..1ec2c14
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -0,0 +1,247 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_STORE_CTX_new 3"
+.TH X509_STORE_CTX_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX initialisation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509_vfy.h>
+\&
+\& X509_STORE_CTX *X509_STORE_CTX_new(void);
+\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+\&
+\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+\&                         X509 *x509, STACK_OF(X509) *chain);
+\&
+\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+\&
+\& void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
+\& void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
+\& void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+\&
+\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
+by \fIX509_verify_cert()\fR.
+.PP
+\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
+.PP
+\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
+The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR.
+.PP
+\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
+is no longer valid.
+.PP
+\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
+The trusted certificate store is set to \fBstore\fR, the end entity certificate
+to be verified is set to \fBx509\fR and a set of additional certificates (which
+will be untrusted but may be used to build the chain) in \fBchain\fR. Any or
+all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \fB\s-1NULL\s0\fR.
+.PP
+\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR
+to \fBsk\fR. This is an alternative way of specifying trusted certificates 
+instead of using an \fBX509_STORE\fR.
+.PP
+\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to
+\&\fBx\fR.
+.PP
+\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR
+to \fBsk\fR.
+.PP
+\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
+verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
+enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
+used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
+for example in a PKCS#7 structure.
+.PP
+X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer
+to the verification parameters associated with \fBctx\fR.
+.PP
+\&\fIX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer
+to \fBparam\fR. After this call \fBparam\fR should not be used.
+.PP
+\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification
+method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to
+find an appropriate set of parameters from \fBname\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The certificates and CRLs in a store are used internally and should \fBnot\fR
+be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy
+applications might implicitly use an \fBX509_STORE_CTX\fR like this:
+.PP
+.Vb 2
+\&  X509_STORE_CTX ctx;
+\&  X509_STORE_CTX_init(&ctx, store, cert, chain);
+.Ve
+.PP
+this is \fBnot\fR recommended in new applications they should instead do:
+.PP
+.Vb 5
+\&  X509_STORE_CTX *ctx;
+\&  ctx = X509_STORE_CTX_new();
+\&  if (ctx == NULL)
+\&        /* Bad error */
+\&  X509_STORE_CTX_init(ctx, store, cert, chain);
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The certificates and CRLs in a context are used internally and should \fBnot\fR
+be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
+should be made or reference counts increased instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an
+error occurred.
+.PP
+\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
+.PP
+\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
+structure or \fB\s-1NULL\s0\fR if an error occurred.
+.PP
+\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR,
+\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR,
+\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return
+values.
+.PP
+\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_verify_cert\fR\|(3)
+\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
new file mode 100644
index 0000000..41c674c
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
@@ -0,0 +1,289 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_STORE_CTX_set_verify_cb 3"
+.TH X509_STORE_CTX_set_verify_cb 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_STORE_CTX_set_verify_cb \- set verification callback
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509_vfy.h>
+\&
+\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+\&                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
+\&\fBverify_cb\fR overwriting any existing callback.
+.PP
+The verification callback can be used to customise the operation of certificate
+verification, either by overriding error conditions or logging errors for
+debugging purposes.
+.PP
+However a verification callback is \fBnot\fR essential and the default operation
+is often sufficient.
+.PP
+The \fBok\fR parameter to the callback indicates the value the callback should
+return to retain the default behaviour. If it is zero then and error condition
+is indicated. If it is 1 then no error occurred. If the flag
+\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the
+policy checking is complete.
+.PP
+The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that
+is performing the verification operation. A callback can examine this
+structure and receive additional information about the error, for example
+by calling \fIX509_STORE_CTX_get_current_cert()\fR. Additional application data can
+be passed to the callback via the \fBex_data\fR mechanism.
+.SH "WARNING"
+.IX Header "WARNING"
+In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in
+all circumstances because this will allow verification to succeed no matter
+what the error. This effectively removes all security from the application
+because \fBany\fR certificate (including untrusted generated ones) will be
+accepted.
+.SH "NOTES"
+.IX Header "NOTES"
+The verification callback can be set and inherited from the parent structure
+performing the operation. In some cases (such as S/MIME verification) the
+\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the
+only way to set a custom verification callback is by inheriting it from the
+associated \fBX509_STORE\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_STORE_CTX_set_verify_cb()\fR does not return a value.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Default callback operation:
+.PP
+.Vb 4
+\& int verify_callback(int ok, X509_STORE_CTX *ctx)
+\&        {
+\&        return ok;
+\&        }
+.Ve
+.PP
+Simple example, suppose a certificate in the chain is expired and we wish
+to continue after this error:
+.PP
+.Vb 8
+\& int verify_callback(int ok, X509_STORE_CTX *ctx)
+\&        {
+\&        /* Tolerate certificate expiration */
+\&        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+\&                        return 1;
+\&        /* Otherwise don\*(Aqt override */
+\&        return ok;
+\&        }
+.Ve
+.PP
+More complex example, we don't wish to continue after \fBany\fR certificate has
+expired just one specific case:
+.PP
+.Vb 11
+\& int verify_callback(int ok, X509_STORE_CTX *ctx)
+\&        {
+\&        int err = X509_STORE_CTX_get_error(ctx);
+\&        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+\&        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
+\&                {
+\&                if (check_is_acceptable_expired_cert(err_cert)
+\&                        return 1;
+\&                }
+\&        return ok;
+\&        }
+.Ve
+.PP
+Full featured logging callback. In this case the \fBbio_err\fR is assumed to be
+a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using
+\&\fBex_data\fR.
+.PP
+.Vb 4
+\& int verify_callback(int ok, X509_STORE_CTX *ctx)
+\&        {
+\&        X509 *err_cert;
+\&        int err,depth;
+\&
+\&        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+\&        err =   X509_STORE_CTX_get_error(ctx);
+\&        depth = X509_STORE_CTX_get_error_depth(ctx);
+\&
+\&        BIO_printf(bio_err,"depth=%d ",depth);
+\&        if (err_cert)
+\&                {
+\&                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+\&                                        0, XN_FLAG_ONELINE);
+\&                BIO_puts(bio_err, "\en");
+\&                }
+\&        else
+\&                BIO_puts(bio_err, "<no cert>\en");
+\&        if (!ok)
+\&                BIO_printf(bio_err,"verify error:num=%d:%s\en",err,
+\&                        X509_verify_cert_error_string(err));
+\&        switch (err)
+\&                {
+\&        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+\&                BIO_puts(bio_err,"issuer= ");
+\&                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+\&                                        0, XN_FLAG_ONELINE);
+\&                BIO_puts(bio_err, "\en");
+\&                break;
+\&        case X509_V_ERR_CERT_NOT_YET_VALID:
+\&        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+\&                BIO_printf(bio_err,"notBefore=");
+\&                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
+\&                BIO_printf(bio_err,"\en");
+\&                break;
+\&        case X509_V_ERR_CERT_HAS_EXPIRED:
+\&        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+\&                BIO_printf(bio_err,"notAfter=");
+\&                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
+\&                BIO_printf(bio_err,"\en");
+\&                break;
+\&        case X509_V_ERR_NO_EXPLICIT_POLICY:
+\&                policies_print(bio_err, ctx);
+\&                break;
+\&                }
+\&        if (err == X509_V_OK && ok == 2)
+\&                /* print out policies */
+\&
+\&        BIO_printf(bio_err,"verify return:%d\en",ok);
+\&        return(ok);
+\&        }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_STORE_CTX_get_error\fR\|(3)
+\&\fIX509_STORE_set_verify_cb_func\fR\|(3)
+\&\fIX509_STORE_CTX_get_ex_new_index\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIX509_STORE_CTX_set_verify_cb()\fR is available in all versions of SSLeay and
+OpenSSL.
diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
new file mode 100644
index 0000000..a90a151
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_STORE_set_verify_cb_func 3"
+.TH X509_STORE_set_verify_cb_func 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb \- set verification callback
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509_vfy.h>
+\&
+\& void X509_STORE_set_verify_cb(X509_STORE *st,
+\&                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+\&
+\& void X509_STORE_set_verify_cb_func(X509_STORE *st,
+\&                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to
+\&\fBverify_cb\fR overwriting any existing callback.
+.PP
+\&\fIX509_STORE_set_verify_cb_func()\fR also sets the verification callback but it
+is implemented as a macro.
+.SH "NOTES"
+.IX Header "NOTES"
+The verification callback from an \fBX509_STORE\fR is inherited by 
+the corresponding \fBX509_STORE_CTX\fR structure when it is initialized. This can
+be used to set the verification callback when the \fBX509_STORE_CTX\fR is 
+otherwise inaccessible (for example during S/MIME verification).
+.SH "BUGS"
+.IX Header "BUGS"
+The macro version of this function was the only one available before 
+OpenSSL 1.0.0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_STORE_set_verify_cb()\fR and \fIX509_STORE_set_verify_cb_func()\fR do not return
+a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_STORE_CTX_set_verify_cb\fR\|(3)
+\&\fICMS_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIX509_STORE_set_verify_cb_func()\fR is available in all versions of SSLeay and
+OpenSSL.
+.PP
+\&\fIX509_STORE_set_verify_cb()\fR was added to OpenSSL 1.0.0.
diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
new file mode 100644
index 0000000..f2eadc4f
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -0,0 +1,292 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_VERIFY_PARAM_set_flags 3"
+.TH X509_VERIFY_PARAM_set_flags 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies \- X509 verification parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509_vfy.h>
+\&
+\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+\&                                                        unsigned long flags);
+\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+\&
+\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+\&
+\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+\&
+\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+\&                                                ASN1_OBJECT *policy);
+\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
+\&                                        STACK_OF(ASN1_OBJECT) *policies);
+\&
+\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with
+a certificate verification operation.
+.PP
+The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring
+it with \fBflags\fR. See the \fB\s-1VERIFICATION\s0 \s-1FLAGS\s0\fR section for a complete
+description of values the \fBflags\fR parameter can take.
+.PP
+\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.
+.PP
+\&\fIX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR.
+.PP
+\&\fIX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR
+to \fBpurpose\fR. This determines the acceptable purpose of the certificate
+chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server.
+.PP
+\&\fIX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to 
+\&\fBtrust\fR.
+.PP
+\&\fIX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to
+\&\fBt\fR. Normally the current time is used.
+.PP
+\&\fIX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled
+by default) and adds \fBpolicy\fR to the acceptable policy set.
+.PP
+\&\fIX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled
+by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing
+policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear
+an existing policy set.
+.PP
+\&\fIX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR.
+That is the maximum number of untrusted \s-1CA\s0 certificates that can appear in a
+chain.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_VERIFY_PARAM_set_flags()\fR, \fIX509_VERIFY_PARAM_clear_flags()\fR, 
+\&\fIX509_VERIFY_PARAM_set_purpose()\fR, \fIX509_VERIFY_PARAM_set_trust()\fR,
+\&\fIX509_VERIFY_PARAM_add0_policy()\fR and \fIX509_VERIFY_PARAM_set1_policies()\fR return 1
+for success and 0 for failure.
+.PP
+\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags.
+.PP
+\&\fIX509_VERIFY_PARAM_set_time()\fR and \fIX509_VERIFY_PARAM_set_depth()\fR do not return
+values.
+.PP
+\&\fIX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth.
+.SH "VERIFICATION FLAGS"
+.IX Header "VERIFICATION FLAGS"
+The verification flags consists of zero or more of the following flags
+ored together.
+.PP
+\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf
+certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found.
+.PP
+\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate
+chain.
+.PP
+\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs results
+in a fatal error. If this flag is set unhandled critical extensions are
+ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging
+purposes can be a security risk. Finer control over which extensions are
+supported can be performed in the verification callback.
+.PP
+THe \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken
+certificates and makes the verification strictly apply \fBX509\fR rules.
+.PP
+\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification.
+.PP
+\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default
+no policy checking is peformed. Additional information is sent to the 
+verification callback relating to policy checking.
+.PP
+\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and
+\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any
+policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in
+\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags
+are set.
+.PP
+If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful
+a special status code is set to the verification callback. This permits it
+to examine the valid policy tree and perform additional checks or simply
+log it for debugging purposes.
+.PP
+By default some addtional features such as indirect CRLs and CRLs signed by
+different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set
+they are enabled.
+.PP
+If \fBX509_V_FLAG_USE_DELTAS\fR ise set delta CRLs (if present) are used to
+determine certificate status. If not set deltas are ignored.
+.PP
+\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed
+cerificate signature. By default this check is disabled because it doesn't
+add any additional security but in some cases applications might want to
+check the signature anyway. A side effect of not checking the root \s-1CA\s0
+signature is that disabled or unsupported message digests on the root \s-1CA\s0
+are not treated as fatal errors.
+.PP
+The \fBX509_V_FLAG_CB_ISSUER_CHECK\fR flag enables debugging of certificate
+issuer checks. It is \fBnot\fR needed unless you are logging certificate
+verification. If this flag is set then additional status codes will be sent
+to the verification callback and it \fBmust\fR be prepared to handle such cases
+without assuming they are hard errors.
+.SH "NOTES"
+.IX Header "NOTES"
+The above functions should be used to manipulate verification parameters
+instead of legacy functions which work in specific structures such as
+\&\fIX509_STORE_CTX_set_flags()\fR.
+.SH "BUGS"
+.IX Header "BUGS"
+Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and
+(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not 
+maintained.
+.PP
+If CRLs checking is enable CRLs are expected to be available in the
+corresponding \fBX509_STORE\fR structure. No attempt is made to download
+CRLs from the \s-1CRL\s0 distribution points extension.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 
+connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
+.PP
+.Vb 5
+\&  X509_VERIFY_PARAM *param;
+\&  param = X509_VERIFY_PARAM_new();
+\&  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+\&  SSL_CTX_set1_param(ctx, param);
+\&  X509_VERIFY_PARAM_free(param);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_verify_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3
index 0c115e5..76c3b6e 100644
--- a/secure/lib/libcrypto/man/X509_new.3
+++ b/secure/lib/libcrypto/man/X509_new.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "X509_new 3"
-.TH X509_new 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH X509_new 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3
new file mode 100644
index 0000000..0ee83ac
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_verify_cert.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_verify_cert 3"
+.TH X509_verify_cert 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_verify_cert \- discover and verify X509 certificte chain
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int X509_verify_cert(X509_STORE_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIX509_verify_cert()\fR function attempts to discover and validate a
+certificate chain based on parameters in \fBctx\fR. A complete description of
+the process is contained in the \fIverify\fR\|(1) manual page.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If a complete chain can be built and validated this function returns 1,
+otherwise it return zero, in exceptional circumstances it can also
+return a negative code.
+.PP
+If the function fails additional error information can be obtained by
+examining \fBctx\fR using, for example \fIX509_STORE_CTX_get_error()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Applications rarely call this function directly but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+\&\s-1SSL/TLS\s0 code.
+.PP
+The negative return value from \fIX509_verify_cert()\fR can only occur if no
+certificate is set in \fBctx\fR (due to a programming error) or if a retry
+operation is requested during internal lookups (which never happens with
+standard lookup methods). It is however recommended that application check
+for <= 0 return value on error.
+.SH "BUGS"
+.IX Header "BUGS"
+This function uses the header \fBx509.h\fR as opposed to most chain verification
+functiosn which use \fBx509_vfy.h\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_STORE_CTX_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIX509_verify_cert()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3
index 6bbc565..a7668cc 100644
--- a/secure/lib/libcrypto/man/bio.3
+++ b/secure/lib/libcrypto/man/bio.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "bio 3"
-.TH bio 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH bio 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3
index 3f194b9..64a0a99 100644
--- a/secure/lib/libcrypto/man/blowfish.3
+++ b/secure/lib/libcrypto/man/blowfish.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "blowfish 3"
-.TH blowfish 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH blowfish 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3
index 8d06742..7713ab4 100644
--- a/secure/lib/libcrypto/man/bn.3
+++ b/secure/lib/libcrypto/man/bn.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "bn 3"
-.TH bn 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH bn 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3
index 39bc4a4..63fadba 100644
--- a/secure/lib/libcrypto/man/bn_internal.3
+++ b/secure/lib/libcrypto/man/bn_internal.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "bn_internal 3"
-.TH bn_internal 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH bn_internal 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3
index 45b94d5..715ebbf 100644
--- a/secure/lib/libcrypto/man/buffer.3
+++ b/secure/lib/libcrypto/man/buffer.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "buffer 3"
-.TH buffer 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH buffer 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3
index 636b33f..fdbb532 100644
--- a/secure/lib/libcrypto/man/crypto.3
+++ b/secure/lib/libcrypto/man/crypto.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "crypto 3"
-.TH crypto 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH crypto 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
index 81f9da6..9cd4ee7 100644
--- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_ASN1_OBJECT 3"
-.TH d2i_ASN1_OBJECT 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_ASN1_OBJECT 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
index 88afc09..03ac58a 100644
--- a/secure/lib/libcrypto/man/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_DHparams 3"
-.TH d2i_DHparams 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_DHparams 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
index fab2524..ff04b2f 100644
--- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_DSAPublicKey 3"
-.TH d2i_DSAPublicKey 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_DSAPublicKey 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
index 9abe4bc..bdf72bd 100644
--- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_PKCS8PrivateKey 3"
-.TH d2i_PKCS8PrivateKey 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_PKCS8PrivateKey 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
index 8a79866..e34470c 100644
--- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_RSAPublicKey 3"
-.TH d2i_RSAPublicKey 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_RSAPublicKey 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -139,21 +139,21 @@ d2i_Netscape_RSA \- RSA public and private key encoding functions.
 \& #include <openssl/rsa.h>
 \& #include <openssl/x509.h>
 \&
-\& RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+\& RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
 \&
 \& int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
 \&
-\& RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+\& RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
 \&
 \& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
 \&
-\& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+\& RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
 \&
 \& int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
 \&
 \& int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
 \&
-\& RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+\& RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
index 52eb312..15be489 100644
--- a/secure/lib/libcrypto/man/d2i_X509.3
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_X509 3"
-.TH d2i_X509 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_X509 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
index bd70e21..8b3a683 100644
--- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_X509_ALGOR 3"
-.TH d2i_X509_ALGOR 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_X509_ALGOR 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3
index 1c9e66f..012ad56 100644
--- a/secure/lib/libcrypto/man/d2i_X509_CRL.3
+++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_X509_CRL 3"
-.TH d2i_X509_CRL 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_X509_CRL 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3
index ee68771..6559ed5 100644
--- a/secure/lib/libcrypto/man/d2i_X509_NAME.3
+++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_X509_NAME 3"
-.TH d2i_X509_NAME 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_X509_NAME 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3
index 8a67d3c..4a3510e 100644
--- a/secure/lib/libcrypto/man/d2i_X509_REQ.3
+++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_X509_REQ 3"
-.TH d2i_X509_REQ 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_X509_REQ 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3
index 5aa80ca..2a04071 100644
--- a/secure/lib/libcrypto/man/d2i_X509_SIG.3
+++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "d2i_X509_SIG 3"
-.TH d2i_X509_SIG 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH d2i_X509_SIG 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3
index bb4f9ad..e8dc6ce 100644
--- a/secure/lib/libcrypto/man/des.3
+++ b/secure/lib/libcrypto/man/des.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "des 3"
-.TH des 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH des 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3
deleted file mode 100644
index 788e0e8..0000000
--- a/secure/lib/libcrypto/man/des_modes.3
+++ /dev/null
@@ -1,290 +0,0 @@
-.\" Automatically generated by Pod::Man version 1.15
-.\" Mon Jan 13 19:29:14 2003
-.\"
-.\" Standard preamble:
-.\" ======================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-
-.fi
-..
-.\" Set up some character translations and predefined strings.  \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used
-.\" to do unbreakable dashes and therefore won't be available.  \*(C` and
-.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
-.tr \(*W-|\(bv\*(Tr
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-.    ds -- \(*W-
-.    ds PI pi
-.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
-.    ds L" ""
-.    ds R" ""
-.    ds C` ""
-.    ds C' ""
-'br\}
-.el\{\
-.    ds -- \|\(em\|
-.    ds PI \(*p
-.    ds L" ``
-.    ds R" ''
-'br\}
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr
-.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
-.\" index entries marked with X<> in POD.  Of course, you'll have to process
-.\" the output yourself in some meaningful fashion.
-.if \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
-..
-.    nr % 0
-.    rr F
-.\}
-.\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it
-.\" makes way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
-.bd B 3
-.    \" fudge factors for nroff and troff
-.if n \{\
-.    ds #H 0
-.    ds #V .8m
-.    ds #F .3m
-.    ds #[ \f1
-.    ds #] \fP
-.\}
-.if t \{\
-.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-.    ds #V .6m
-.    ds #F 0
-.    ds #[ \&
-.    ds #] \&
-.\}
-.    \" simple accents for nroff and troff
-.if n \{\
-.    ds ' \&
-.    ds ` \&
-.    ds ^ \&
-.    ds , \&
-.    ds ~ ~
-.    ds /
-.\}
-.if t \{\
-.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-.    \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.    \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-.    \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-.    ds : e
-.    ds 8 ss
-.    ds o a
-.    ds d- d\h'-1'\(ga
-.    ds D- D\h'-1'\(hy
-.    ds th \o'bp'
-.    ds Th \o'LP'
-.    ds ae ae
-.    ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ======================================================================
-.\"
-.IX Title "des_modes 3"
-.TH des_modes 3 "0.9.7" "2003-01-13" "OpenSSL"
-.UC
-.SH "NAME"
-Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-Several crypto algorithms for OpenSSL can be used in a number of modes.  Those
-are used for using block ciphers in a way similar to stream ciphers, among
-other things.
-.SH "OVERVIEW"
-.IX Header "OVERVIEW"
-.Sh "Electronic Codebook Mode (\s-1ECB\s0)"
-.IX Subsection "Electronic Codebook Mode (ECB)"
-Normally, this is found as the function \fIalgorithm\fR\fI_ecb_encrypt()\fR.
-.Ip "\(bu" 2
-64 bits are enciphered at a time.
-.Ip "\(bu" 2
-The order of the blocks can be rearranged without detection.
-.Ip "\(bu" 2
-The same plaintext block always produces the same ciphertext block
-(for the same key) making it vulnerable to a 'dictionary attack'.
-.Ip "\(bu" 2
-An error will only affect one ciphertext block.
-.Sh "Cipher Block Chaining Mode (\s-1CBC\s0)"
-.IX Subsection "Cipher Block Chaining Mode (CBC)"
-Normally, this is found as the function \fIalgorithm\fR\fI_cbc_encrypt()\fR.
-Be aware that \fIdes_cbc_encrypt()\fR is not really \s-1DES\s0 \s-1CBC\s0 (it does
-not update the \s-1IV\s0); use \fIdes_ncbc_encrypt()\fR instead.
-.Ip "\(bu" 2
-a multiple of 64 bits are enciphered at a time.
-.Ip "\(bu" 2
-The \s-1CBC\s0 mode produces the same ciphertext whenever the same
-plaintext is encrypted using the same key and starting variable.
-.Ip "\(bu" 2
-The chaining operation makes the ciphertext blocks dependent on the
-current and all preceding plaintext blocks and therefore blocks can not
-be rearranged.
-.Ip "\(bu" 2
-The use of different starting variables prevents the same plaintext
-enciphering to the same ciphertext.
-.Ip "\(bu" 2
-An error will affect the current and the following ciphertext blocks.
-.Sh "Cipher Feedback Mode (\s-1CFB\s0)"
-.IX Subsection "Cipher Feedback Mode (CFB)"
-Normally, this is found as the function \fIalgorithm\fR\fI_cfb_encrypt()\fR.
-.Ip "\(bu" 2
-a number of bits (j) <= 64 are enciphered at a time.
-.Ip "\(bu" 2
-The \s-1CFB\s0 mode produces the same ciphertext whenever the same
-plaintext is encrypted using the same key and starting variable.
-.Ip "\(bu" 2
-The chaining operation makes the ciphertext variables dependent on the
-current and all preceding variables and therefore j-bit variables are
-chained together and can not be rearranged.
-.Ip "\(bu" 2
-The use of different starting variables prevents the same plaintext
-enciphering to the same ciphertext.
-.Ip "\(bu" 2
-The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if
-j == k).  In my implementation this is always the case.
-.Ip "\(bu" 2
-Selection of a small value for j will require more cycles through
-the encipherment algorithm per unit of plaintext and thus cause
-greater processing overheads.
-.Ip "\(bu" 2
-Only multiples of j bits can be enciphered.
-.Ip "\(bu" 2
-An error will affect the current and the following ciphertext variables.
-.Sh "Output Feedback Mode (\s-1OFB\s0)"
-.IX Subsection "Output Feedback Mode (OFB)"
-Normally, this is found as the function \fIalgorithm\fR\fI_ofb_encrypt()\fR.
-.Ip "\(bu" 2
-a number of bits (j) <= 64 are enciphered at a time.
-.Ip "\(bu" 2
-The \s-1OFB\s0 mode produces the same ciphertext whenever the same
-plaintext enciphered using the same key and starting variable.  More
-over, in the \s-1OFB\s0 mode the same key stream is produced when the same
-key and start variable are used.  Consequently, for security reasons
-a specific start variable should be used only once for a given key.
-.Ip "\(bu" 2
-The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks.
-.Ip "\(bu" 2
-The use of different start variables values prevents the same
-plaintext enciphering to the same ciphertext, by producing different
-key streams.
-.Ip "\(bu" 2
-Selection of a small value for j will require more cycles through
-the encipherment algorithm per unit of plaintext and thus cause
-greater processing overheads.
-.Ip "\(bu" 2
-Only multiples of j bits can be enciphered.
-.Ip "\(bu" 2
-\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the
-resultant plaintext output.  Every bit error in the ciphertext causes
-only one bit to be in error in the deciphered plaintext.
-.Ip "\(bu" 2
-\&\s-1OFB\s0 mode is not self-synchronizing.  If the two operation of
-encipherment and decipherment get out of synchronism, the system needs
-to be re-initialized.
-.Ip "\(bu" 2
-Each re-initialization should use a value of the start variable
-different from the start variable values used before with the same
-key.  The reason for this is that an identical bit stream would be
-produced each time from the same parameters.  This would be
-susceptible to a 'known plaintext' attack.
-.Sh "Triple \s-1ECB\s0 Mode"
-.IX Subsection "Triple ECB Mode"
-Normally, this is found as the function \fIalgorithm\fR\fI_ecb3_encrypt()\fR.
-.Ip "\(bu" 2
-Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-.Ip "\(bu" 2
-As for \s-1ECB\s0 encryption but increases the key length to 168 bits.
-There are theoretic attacks that can be used that make the effective
-key length 112 bits, but this attack also requires 2^56 blocks of
-memory, not very likely, even for the \s-1NSA\s0.
-.Ip "\(bu" 2
-If both keys are the same it is equivalent to encrypting once with
-just one key.
-.Ip "\(bu" 2
-If the first and last key are the same, the key length is 112 bits.
-There are attacks that could reduce the effective key strength
-to only slightly more than 56 bits, but these require a lot of memory.
-.Ip "\(bu" 2
-If all 3 keys are the same, this is effectively the same as normal
-ecb mode.
-.Sh "Triple \s-1CBC\s0 Mode"
-.IX Subsection "Triple CBC Mode"
-Normally, this is found as the function \fIalgorithm\fR\fI_ede3_cbc_encrypt()\fR.
-.Ip "\(bu" 2
-Encrypt with key1, decrypt with key2 and then encrypt with key3.
-.Ip "\(bu" 2
-As for \s-1CBC\s0 encryption but increases the key length to 168 bits with
-the same restrictions as for triple ecb mode.
-.SH "NOTES"
-.IX Header "NOTES"
-This text was been written in large parts by Eric Young in his original
-documentation for SSLeay, the predecessor of OpenSSL.  In turn, he attributed
-it to:
-.PP
-.Vb 5
-\&        AS 2805.5.2
-\&        Australian Standard
-\&        Electronic funds transfer - Requirements for interfaces,
-\&        Part 5.2: Modes of operation for an n-bit block cipher algorithm
-\&        Appendix A
-.Ve
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-blowfish(3), des(3), idea(3),
-rc2(3)
diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3
index 4271a3c..b2db59c 100644
--- a/secure/lib/libcrypto/man/dh.3
+++ b/secure/lib/libcrypto/man/dh.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "dh 3"
-.TH dh 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH dh 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3
index acdbbdc..2fce576 100644
--- a/secure/lib/libcrypto/man/dsa.3
+++ b/secure/lib/libcrypto/man/dsa.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "dsa 3"
-.TH dsa 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH dsa 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3
index 6e467e6..c9278b2 100644
--- a/secure/lib/libcrypto/man/ecdsa.3
+++ b/secure/lib/libcrypto/man/ecdsa.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ecdsa 3"
-.TH ecdsa 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ecdsa 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -243,7 +243,7 @@ using the public key \fBeckey\fR.
 .IX Header "RETURN VALUES"
 \&\fIECDSA_size()\fR returns the maximum length signature or 0 on error.
 .PP
-\&\fIECDSA_sign_setup()\fR and \fIECDSA_sign()\fR return 1 if successful or \-1
+\&\fIECDSA_sign_setup()\fR and \fIECDSA_sign()\fR return 1 if successful or 0
 on error.
 .PP
 \&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid
diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3
index 7870e17..b72dfb3 100644
--- a/secure/lib/libcrypto/man/engine.3
+++ b/secure/lib/libcrypto/man/engine.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "engine 3"
-.TH engine 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH engine 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3
index 62528db..84308aa 100644
--- a/secure/lib/libcrypto/man/err.3
+++ b/secure/lib/libcrypto/man/err.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "err 3"
-.TH err 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH err 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3
index 4127137..ff2936c 100644
--- a/secure/lib/libcrypto/man/evp.3
+++ b/secure/lib/libcrypto/man/evp.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "evp 3"
-.TH evp 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH evp 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -150,14 +150,24 @@ digital signatures.
 Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR
 functions.  The \fBEVP_Digest\fR\fI...\fR functions provide message digests.
 .PP
+The \fB\s-1EVP_PKEY\s0\fR\fI...\fR functions provide a high level interface to
+asymmetric algorithms.
+.PP
 Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3).
 .PP
-All the symmetric algorithms (ciphers) and digests can be replaced by \s-1ENGINE\s0
-modules providing alternative implementations. If \s-1ENGINE\s0 implementations of
-ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions
-will automatically use those implementations automatically in preference to
-built in software implementations. For more information, consult the \fIengine\fR\|(3)
-man page.
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
+(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative
+implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered
+as defaults, then the various \s-1EVP\s0 functions will automatically use those
+implementations automatically in preference to built in software
+implementations. For more information, consult the \fIengine\fR\|(3) man page.
+.PP
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not 
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIEVP_DigestInit\fR\|(3),
diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3
index 683226e..063b950 100644
--- a/secure/lib/libcrypto/man/hmac.3
+++ b/secure/lib/libcrypto/man/hmac.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "hmac 3"
-.TH hmac 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH hmac 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,12 +143,12 @@ authentication code
 \&
 \& void HMAC_CTX_init(HMAC_CTX *ctx);
 \&
-\& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
 \&               const EVP_MD *md);
-\& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
 \&                   const EVP_MD *md, ENGINE *impl);
-\& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
-\& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 \&
 \& void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 \& void HMAC_cleanup(HMAC_CTX *ctx);
@@ -203,10 +203,13 @@ be authenticated (\fBlen\fR bytes at \fBdata\fR).
 must have space for the hash function output.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code.
+\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if
+an error occurred.
 .PP
-\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and
-\&\fIHMAC_CTX_cleanup()\fR do not return values.
+\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR return 1 for success or 0 if
+an error occurred.
+.PP
+\&\fIHMAC_CTX_init()\fR and \fIHMAC_CTX_cleanup()\fR do not return values.
 .SH "CONFORMING TO"
 .IX Header "CONFORMING TO"
 \&\s-1RFC\s0 2104
@@ -220,3 +223,6 @@ are available since SSLeay 0.9.0.
 .PP
 \&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available
 since OpenSSL 0.9.7.
+.PP
+\&\fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR and \fIHMAC_Final()\fR did not return values in
+versions of OpenSSL before 1.0.0.
diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
new file mode 100644
index 0000000..0b6a18f
--- /dev/null
+++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
@@ -0,0 +1,167 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "i2d_CMS_bio_stream 3"
+.TH i2d_CMS_bio_stream 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format.
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/cms.h>
+\&
+\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format.
+.PP
+It is otherwise identical to the function \fISMIME_write_CMS()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+This function is effectively a version of the \fIi2d_CMS_bio()\fR supporting
+streaming.
+.SH "BUGS"
+.IX Header "BUGS"
+The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
+\&\fICMS_verify\fR\|(3), \fICMS_encrypt\fR\|(3)
+\&\fICMS_decrypt\fR\|(3),
+\&\fISMIME_write_CMS\fR\|(3),
+\&\fIPEM_write_bio_CMS_stream\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIi2d_CMS_bio_stream()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
new file mode 100644
index 0000000..175a1d1
--- /dev/null
+++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
@@ -0,0 +1,165 @@
+.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "i2d_PKCS7_bio_stream 3"
+.TH i2d_PKCS7_bio_stream 3 "2012-05-10" "1.0.1c" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format.
+.PP
+It is otherwise identical to the function \fISMIME_write_PKCS7()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+This function is effectively a version of the \fId2i_PKCS7_bio()\fR supporting
+streaming.
+.SH "BUGS"
+.IX Header "BUGS"
+The prefix \*(L"d2i\*(R" is arguably wrong because the function outputs \s-1BER\s0 format.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
+\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
+\&\fIPKCS7_decrypt\fR\|(3),
+\&\fISMIME_write_PKCS7\fR\|(3),
+\&\fIPEM_write_bio_PKCS7_stream\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIi2d_PKCS7_bio_stream()\fR was added to OpenSSL 1.0.0
diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3
index 3cf9362..8cb3bc0 100644
--- a/secure/lib/libcrypto/man/lh_stats.3
+++ b/secure/lib/libcrypto/man/lh_stats.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "lh_stats 3"
-.TH lh_stats 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH lh_stats 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3
index b53637b..d673cd0 100644
--- a/secure/lib/libcrypto/man/lhash.3
+++ b/secure/lib/libcrypto/man/lhash.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "lhash 3"
-.TH lhash 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH lhash 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -136,18 +136,20 @@ lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_e
 .Vb 1
 \& #include <openssl/lhash.h>
 \&
-\& LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare);
-\& void lh_free(LHASH *table);
+\& DECLARE_LHASH_OF(<type>);
 \&
-\& void *lh_insert(LHASH *table, void *data);
-\& void *lh_delete(LHASH *table, void *data);
-\& void *lh_retrieve(LHASH *table, void *data);
+\& LHASH *lh_<type>_new();
+\& void lh_<type>_free(LHASH_OF(<type> *table);
 \&
-\& void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func);
-\& void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func,
-\&          void *arg);
+\& <type> *lh_<type>_insert(LHASH_OF(<type> *table, <type> *data);
+\& <type> *lh_<type>_delete(LHASH_OF(<type> *table, <type> *data);
+\& <type> *lh_retrieve(LHASH_OF<type> *table, <type> *data);
 \&
-\& int lh_error(LHASH *table);
+\& void lh_<type>_doall(LHASH_OF(<type> *table, LHASH_DOALL_FN_TYPE func);
+\& void lh_<type>_doall_arg(LHASH_OF(<type> *table, LHASH_DOALL_ARG_FN_TYPE func,
+\&          <type2>, <type2> *arg);
+\&
+\& int lh_<type>_error(LHASH_OF(<type> *table);
 \&
 \& typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
 \& typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
@@ -156,118 +158,118 @@ lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_e
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-This library implements dynamic hash tables. The hash table entries
-can be arbitrary structures. Usually they consist of key and value
-fields.
+This library implements type-checked dynamic hash tables. The hash
+table entries can be arbitrary structures. Usually they consist of key
+and value fields.
 .PP
-\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure to store arbitrary data
-entries, and provides the 'hash' and 'compare' callbacks to be used in
-organising the table's entries.  The \fBhash\fR callback takes a pointer
-to a table entry as its argument and returns an unsigned long hash
-value for its key field.  The hash value is normally truncated to a
-power of 2, so make sure that your hash function returns well mixed
-low order bits.  The \fBcompare\fR callback takes two arguments (pointers
-to two hash table entries), and returns 0 if their keys are equal,
-non-zero otherwise.  If your hash table will contain items of some
-particular type and the \fBhash\fR and \fBcompare\fR callbacks hash/compare
-these types, then the \fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and
-\&\fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback
-wrappers of the prototypes required by \fIlh_new()\fR.  These provide
-per-variable casts before calling the type-specific callbacks written
-by the application author.  These macros, as well as those used for
-the \*(L"doall\*(R" callbacks, are defined as;
+lh_<type>\fI_new()\fR creates a new \fB\s-1LHASH_OF\s0(<type\fR> structure to store
+arbitrary data entries, and provides the 'hash' and 'compare'
+callbacks to be used in organising the table's entries.  The \fBhash\fR
+callback takes a pointer to a table entry as its argument and returns
+an unsigned long hash value for its key field.  The hash value is
+normally truncated to a power of 2, so make sure that your hash
+function returns well mixed low order bits.  The \fBcompare\fR callback
+takes two arguments (pointers to two hash table entries), and returns
+0 if their keys are equal, non-zero otherwise.  If your hash table
+will contain items of some particular type and the \fBhash\fR and
+\&\fBcompare\fR callbacks hash/compare these types, then the
+\&\fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be
+used to create callback wrappers of the prototypes required by
+lh_<type>\fI_new()\fR.  These provide per-variable casts before calling the
+type-specific callbacks written by the application author.  These
+macros, as well as those used for the \*(L"doall\*(R" callbacks, are defined
+as;
 .PP
 .Vb 7
-\& #define DECLARE_LHASH_HASH_FN(f_name,o_type) \e
-\&         unsigned long f_name##_LHASH_HASH(const void *);
-\& #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \e
-\&         unsigned long f_name##_LHASH_HASH(const void *arg) { \e
-\&                 o_type a = (o_type)arg; \e
-\&                 return f_name(a); }
-\& #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+\& #define DECLARE_LHASH_HASH_FN(name, o_type) \e
+\&         unsigned long name##_LHASH_HASH(const void *);
+\& #define IMPLEMENT_LHASH_HASH_FN(name, o_type) \e
+\&         unsigned long name##_LHASH_HASH(const void *arg) { \e
+\&                 const o_type *a = arg; \e
+\&                 return name##_hash(a); }
+\& #define LHASH_HASH_FN(name) name##_LHASH_HASH
 \&
-\& #define DECLARE_LHASH_COMP_FN(f_name,o_type) \e
-\&         int f_name##_LHASH_COMP(const void *, const void *);
-\& #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \e
-\&         int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \e
-\&                 o_type a = (o_type)arg1; \e
-\&                 o_type b = (o_type)arg2; \e
-\&                 return f_name(a,b); }
-\& #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+\& #define DECLARE_LHASH_COMP_FN(name, o_type) \e
+\&         int name##_LHASH_COMP(const void *, const void *);
+\& #define IMPLEMENT_LHASH_COMP_FN(name, o_type) \e
+\&         int name##_LHASH_COMP(const void *arg1, const void *arg2) { \e
+\&                 const o_type *a = arg1;                    \e
+\&                 const o_type *b = arg2; \e
+\&                 return name##_cmp(a,b); }
+\& #define LHASH_COMP_FN(name) name##_LHASH_COMP
 \&
-\& #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \e
-\&         void f_name##_LHASH_DOALL(const void *);
-\& #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \e
-\&         void f_name##_LHASH_DOALL(const void *arg) { \e
-\&                 o_type a = (o_type)arg; \e
-\&                 f_name(a); }
-\& #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+\& #define DECLARE_LHASH_DOALL_FN(name, o_type) \e
+\&         void name##_LHASH_DOALL(void *);
+\& #define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \e
+\&         void name##_LHASH_DOALL(void *arg) { \e
+\&                 o_type *a = arg; \e
+\&                 name##_doall(a); }
+\& #define LHASH_DOALL_FN(name) name##_LHASH_DOALL
+\&
+\& #define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e
+\&         void name##_LHASH_DOALL_ARG(void *, void *);
+\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e
+\&         void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \e
+\&                 o_type *a = arg1; \e
+\&                 a_type *b = arg2; \e
+\&                 name##_doall_arg(a, b); }
+\& #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+\&
+\& An example of a hash table storing (pointers to) structures of type \*(AqSTUFF\*(Aq
+\& could be defined as follows;
 \&
-\& #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e
-\&         void f_name##_LHASH_DOALL_ARG(const void *, const void *);
-\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e
-\&         void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \e
-\&                 o_type a = (o_type)arg1; \e
-\&                 a_type b = (a_type)arg2; \e
-\&                 f_name(a,b); }
-\& #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
-.Ve
-.PP
-An example of a hash table storing (pointers to) structures of type '\s-1STUFF\s0'
-could be defined as follows;
-.PP
-.Vb 10
 \& /* Calculates the hash value of \*(Aqtohash\*(Aq (implemented elsewhere) */
 \& unsigned long STUFF_hash(const STUFF *tohash);
 \& /* Orders \*(Aqarg1\*(Aq and \*(Aqarg2\*(Aq (implemented elsewhere) */
-\& int STUFF_cmp(const STUFF *arg1, const STUFF *arg2);
+\& int stuff_cmp(const STUFF *arg1, const STUFF *arg2);
 \& /* Create the type\-safe wrapper functions for use in the LHASH internals */
-\& static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *)
-\& static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *);
+\& static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF);
+\& static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF);
 \& /* ... */
 \& int main(int argc, char *argv[]) {
 \&         /* Create the new hash table using the hash/compare wrappers */
-\&         LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash),
+\&         LHASH_OF(STUFF) *hashtable = lh_STUFF_new(LHASH_HASH_FN(STUFF_hash),
 \&                                   LHASH_COMP_FN(STUFF_cmp));
 \&         /* ... */
 \& }
 .Ve
 .PP
-\&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table
-entries will not be freed; consider using \fIlh_doall()\fR to deallocate any
-remaining entries in the hash table (see below).
+lh_<type>\fI_free()\fR frees the \fB\s-1LHASH_OF\s0(<type\fR> structure
+\&\fBtable\fR. Allocated hash table entries will not be freed; consider
+using lh_<type>\fI_doall()\fR to deallocate any remaining entries in the
+hash table (see below).
 .PP
-\&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR.
-If there already is an entry with the same key, the old value is
-replaced. Note that \fIlh_insert()\fR stores pointers, the data are not
-copied.
+lh_<type>\fI_insert()\fR inserts the structure pointed to by \fBdata\fR into
+\&\fBtable\fR.  If there already is an entry with the same key, the old
+value is replaced. Note that lh_<type>\fI_insert()\fR stores pointers, the
+data are not copied.
 .PP
-\&\fIlh_delete()\fR deletes an entry from \fBtable\fR.
+lh_<type>\fI_delete()\fR deletes an entry from \fBtable\fR.
 .PP
-\&\fIlh_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR is
-a structure with the key field(s) set; the function will return a
+lh_<type>\fI_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR
+is a structure with the key field(s) set; the function will return a
 pointer to a fully populated structure.
 .PP
-\&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with
-the data item as its parameter.  For \fIlh_doall()\fR and \fIlh_doall_arg()\fR,
-function pointer casting should be avoided in the callbacks (see
-\&\fB\s-1NOTE\s0\fR) \- instead, either declare the callbacks to match the
-prototype required in \fIlh_new()\fR or use the declare/implement macros to
-create type-safe wrappers that cast variables prior to calling your
-type-specific callbacks.  An example of this is illustrated here where
-the callback is used to cleanup resources for items in the hash table
-prior to the hashtable itself being deallocated:
+lh_<type>\fI_doall()\fR will, for every entry in the hash table, call
+\&\fBfunc\fR with the data item as its parameter.  For lh_<type>\fI_doall()\fR
+and lh_<type>\fI_doall_arg()\fR, function pointer casting should be avoided
+in the callbacks (see \fB\s-1NOTE\s0\fR) \- instead use the declare/implement
+macros to create type-checked wrappers that cast variables prior to
+calling your type-specific callbacks.  An example of this is
+illustrated here where the callback is used to cleanup resources for
+items in the hash table prior to the hashtable itself being
+deallocated:
 .PP
 .Vb 9
 \& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */
-\& void STUFF_cleanup(STUFF *a);
+\& void STUFF_cleanup_doall(STUFF *a);
 \& /* Implement a prototype\-compatible wrapper for "STUFF_cleanup" */
-\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *)
+\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF)
 \&         /* ... then later in the code ... */
 \& /* So to run "STUFF_cleanup" against all items in a hash table ... */
-\& lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
+\& lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
 \& /* Then the hash table itself can be deallocated */
-\& lh_free(hashtable);
+\& lh_STUFF_free(hashtable);
 .Ve
 .PP
 When doing this, be careful if you delete entries from the hash table
@@ -279,51 +281,52 @@ you start (which will stop the hash table ever decreasing in size).
 The best solution is probably to avoid deleting items from the hash
 table inside a \*(L"doall\*(R" callback!
 .PP
-\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will be
-called with \fBarg\fR as the second argument and \fBfunc\fR should be of
-type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed
-both the table entry and an extra argument).  As with \fIlh_doall()\fR, you
-can instead choose to declare your callback with a prototype matching
-the types you are dealing with and use the declare/implement macros to
-create compatible wrappers that cast variables before calling your
-type-specific callbacks.  An example of this is demonstrated here
-(printing all hash table entries to a \s-1BIO\s0 that is provided by the
-caller):
+lh_<type>\fI_doall_arg()\fR is the same as lh_<type>\fI_doall()\fR except that
+\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR
+should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype
+that is passed both the table entry and an extra argument).  As with
+\&\fIlh_doall()\fR, you can instead choose to declare your callback with a
+prototype matching the types you are dealing with and use the
+declare/implement macros to create compatible wrappers that cast
+variables before calling your type-specific callbacks.  An example of
+this is demonstrated here (printing all hash table entries to a \s-1BIO\s0
+that is provided by the caller):
 .PP
-.Vb 7
+.Vb 8
 \& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */
-\& void STUFF_print(const STUFF *a, BIO *output_bio);
+\& void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio);
 \& /* Implement a prototype\-compatible wrapper for "STUFF_print" */
-\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *)
+\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO)
 \&         /* ... then later in the code ... */
 \& /* Print out the entire hashtable to a particular BIO */
-\& lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio);
+\& lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO,
+\&                    logging_bio);
 .Ve
 .PP
-\&\fIlh_error()\fR can be used to determine if an error occurred in the last
-operation. \fIlh_error()\fR is a macro.
+lh_<type>\fI_error()\fR can be used to determine if an error occurred in the last
+operation. lh_<type>\fI_error()\fR is a macro.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fIlh_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
+lh_<type>\fI_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
 \&\fB\s-1LHASH\s0\fR structure.
 .PP
-When a hash table entry is replaced, \fIlh_insert()\fR returns the value
+When a hash table entry is replaced, lh_<type>\fI_insert()\fR returns the value
 being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error.
 .PP
-\&\fIlh_delete()\fR returns the entry being deleted.  \fB\s-1NULL\s0\fR is returned if
+lh_<type>\fI_delete()\fR returns the entry being deleted.  \fB\s-1NULL\s0\fR is returned if
 there is no such value in the hash table.
 .PP
-\&\fIlh_retrieve()\fR returns the hash table entry if it has been found,
+lh_<type>\fI_retrieve()\fR returns the hash table entry if it has been found,
 \&\fB\s-1NULL\s0\fR otherwise.
 .PP
-\&\fIlh_error()\fR returns 1 if an error occurred in the last operation, 0
+lh_<type>\fI_error()\fR returns 1 if an error occurred in the last operation, 0
 otherwise.
 .PP
-\&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values.
+lh_<type>\fI_free()\fR, lh_<type>\fI_doall()\fR and lh_<type>\fI_doall_arg()\fR return no values.
 .SH "NOTE"
 .IX Header "NOTE"
 The various \s-1LHASH\s0 macros and callback types exist to make it possible
-to write type-safe code without resorting to function-prototype
+to write type-checked code without resorting to function-prototype
 casting \- an evil that makes application code much harder to
 audit/verify and also opens the window of opportunity for stack
 corruption and other hard-to-find bugs.  It also, apparently, violates
@@ -360,7 +363,7 @@ DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
 without any \*(L"const\*(R" qualifiers.
 .SH "BUGS"
 .IX Header "BUGS"
-\&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
+lh_<type>\fI_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
 .SH "INTERNALS"
 .IX Header "INTERNALS"
 The following description is based on the SSLeay documentation:
@@ -406,8 +409,8 @@ will be much less expensive that 10 calls to your compare function.
 .Ve
 .PP
 Since the \fB\s-1LHASH\s0\fR routines would normally be passed structures, this
-routine would not normally be passed to \fIlh_new()\fR, rather it would be
-used in the function passed to \fIlh_new()\fR.
+routine would not normally be passed to lh_<type>\fI_new()\fR, rather it would be
+used in the function passed to lh_<type>\fI_new()\fR.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIlh_stats\fR\|(3)
@@ -422,3 +425,6 @@ In OpenSSL 0.9.7, all lhash functions that were passed function pointers
 were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0,
 \&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 
 became available.
+.PP
+In OpenSSL 1.0.0, the lhash interface was revamped for even better
+type checking.
diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3
index 3336380..88e80e4 100644
--- a/secure/lib/libcrypto/man/md5.3
+++ b/secure/lib/libcrypto/man/md5.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "md5 3"
-.TH md5 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH md5 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3
index 9208d5d..dd3cf9a 100644
--- a/secure/lib/libcrypto/man/mdc2.3
+++ b/secure/lib/libcrypto/man/mdc2.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "mdc2 3"
-.TH mdc2 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH mdc2 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3
index d026ece..44e52de 100644
--- a/secure/lib/libcrypto/man/pem.3
+++ b/secure/lib/libcrypto/man/pem.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "pem 3"
-.TH pem 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH pem 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3
index 4811a71..05beb93 100644
--- a/secure/lib/libcrypto/man/rand.3
+++ b/secure/lib/libcrypto/man/rand.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "rand 3"
-.TH rand 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH rand 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3
index 3734d1d3..580a309 100644
--- a/secure/lib/libcrypto/man/rc4.3
+++ b/secure/lib/libcrypto/man/rc4.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "rc4 3"
-.TH rc4 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH rc4 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3
index c7fb2b6..ca65f97 100644
--- a/secure/lib/libcrypto/man/ripemd.3
+++ b/secure/lib/libcrypto/man/ripemd.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ripemd 3"
-.TH ripemd 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ripemd 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3
index 4827791..2eb9556 100644
--- a/secure/lib/libcrypto/man/rsa.3
+++ b/secure/lib/libcrypto/man/rsa.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "rsa 3"
-.TH rsa 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH rsa 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3
index a56c29a..4e7ebc2 100644
--- a/secure/lib/libcrypto/man/sha.3
+++ b/secure/lib/libcrypto/man/sha.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "sha 3"
-.TH sha 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH sha 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3
index cc5a413..9f03f73 100644
--- a/secure/lib/libcrypto/man/threads.3
+++ b/secure/lib/libcrypto/man/threads.3
@@ -124,13 +124,15 @@
 .\" ========================================================================
 .\"
 .IX Title "threads 3"
-.TH threads 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH threads 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH "NAME"
-CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback,
+CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy,
+CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks,
 CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
 CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
 CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support
@@ -139,14 +141,26 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support
 .Vb 1
 \& #include <openssl/crypto.h>
 \&
-\& void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
-\&        int n, const char *file, int line));
-\&
-\& void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+\& /* Don\*(Aqt use this structure directly. */
+\& typedef struct crypto_threadid_st
+\&         {
+\&         void *ptr;
+\&         unsigned long val;
+\&         } CRYPTO_THREADID;
+\& /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+\& void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
+\& void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+\& int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
+\& void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
+\& void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+\& int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a,
+\&                         const CRYPTO_THREADID *b);
+\& void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest,
+\&                          const CRYPTO_THREADID *src);
+\& unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
 \&
 \& int CRYPTO_num_locks(void);
 \&
-\&
 \& /* struct CRYPTO_dynlock_value needs to be defined by the user */
 \& struct CRYPTO_dynlock_value;
 \&
@@ -178,7 +192,8 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 OpenSSL can safely be used in multi-threaded applications provided
-that at least two callback functions are set.
+that at least two callback functions are set, locking_function and
+threadid_func.
 .PP
 locking_function(int mode, int n, const char *file, int line) is
 needed to perform locking on shared data structures. 
@@ -193,10 +208,34 @@ different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR &
 \&\fBfile\fR and \fBline\fR are the file number of the function setting the
 lock. They can be useful for debugging.
 .PP
-id_function(void) is a function that returns a thread \s-1ID\s0, for example
-\&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below).  It isn't
-needed on Windows nor on platforms where \fIgetpid()\fR returns a different
-\&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below).
+threadid_func(\s-1CRYPTO_THREADID\s0 *id) is needed to record the currently-executing
+thread's identifier into \fBid\fR. The implementation of this callback should not
+fill in \fBid\fR directly, but should use \fICRYPTO_THREADID_set_numeric()\fR if thread
+IDs are numeric, or \fICRYPTO_THREADID_set_pointer()\fR if they are pointer-based.
+If the application does not register such a callback using
+\&\fICRYPTO_THREADID_set_callback()\fR, then a default implementation is used \- on
+Windows and BeOS this uses the system's default thread identifying APIs, and on
+all other platforms it uses the address of \fBerrno\fR. The latter is satisfactory
+for thread-safety if and only if the platform has a thread-local error number
+facility.
+.PP
+Once \fIthreadid_func()\fR is registered, or if the built-in default implementation is
+to be used;
+.IP "\(bu" 4
+\&\fICRYPTO_THREADID_current()\fR records the currently-executing thread \s-1ID\s0 into the
+given \fBid\fR object.
+.IP "\(bu" 4
+\&\fICRYPTO_THREADID_cmp()\fR compares two thread IDs (returning zero for equality, ie.
+the same semantics as \fImemcmp()\fR).
+.IP "\(bu" 4
+\&\fICRYPTO_THREADID_cpy()\fR duplicates a thread \s-1ID\s0 value,
+.IP "\(bu" 4
+\&\fICRYPTO_THREADID_hash()\fR returns a numeric value usable as a hash-table key. This
+is usually the exact numeric or pointer-based thread \s-1ID\s0 used internally, however
+this also handles the unusual case where pointers are larger than 'long'
+variables and the platform's thread IDs are pointer-based \- in this case, mixing
+is done to attempt to produce a unique numeric value even though it is not as
+wide as the platform's true thread IDs.
 .PP
 Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
 of OpenSSL need it for better performance.  To enable this, the following
@@ -263,32 +302,20 @@ You can find out if OpenSSL was configured with thread support:
 .PP
 Also, dynamic locks are currently not used internally by OpenSSL, but
 may do so in the future.
-.PP
-Defining id_function(void) has it's own issues.  Generally speaking,
-\&\fIpthread_self()\fR should be used, even on platforms where \fIgetpid()\fR gives
-different answers in each thread, since that may depend on the machine
-the program is run on, not the machine where the program is being
-compiled.  For instance, Red Hat 8 Linux and earlier used
-LinuxThreads, whose \fIgetpid()\fR returns a different value for each
-thread.  Red Hat 9 Linux and later use \s-1NPTL\s0, which is
-Posix-conformant, and has a \fIgetpid()\fR that returns the same value for
-all threads in a process.  A program compiled on Red Hat 8 and run on
-Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for
-all threads.
-.PP
-There is still the issue of platforms where \fIpthread_self()\fR returns
-something other than an integer.  This is a bit unusual, and this
-manual has no cookbook solution for that case.
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 \&\fBcrypto/threads/mttest.c\fR shows examples of the callback functions on
 Solaris, Irix and Win32.
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fICRYPTO_set_locking_callback()\fR and \fICRYPTO_set_id_callback()\fR are
+\&\fICRYPTO_set_locking_callback()\fR is
 available in all versions of SSLeay and OpenSSL.
 \&\fICRYPTO_num_locks()\fR was added in OpenSSL 0.9.4.
 All functions dealing with dynamic locks were added in OpenSSL 0.9.5b\-dev.
+\&\fB\s-1CRYPTO_THREADID\s0\fR and associated functions were introduced in OpenSSL 1.0.0
+to replace (actually, deprecate) the previous \fICRYPTO_set_id_callback()\fR,
+\&\fICRYPTO_get_id_callback()\fR, and \fICRYPTO_thread_id()\fR functions which assumed
+thread IDs to always be represented by 'unsigned long'.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIcrypto\fR\|(3)
diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3
index 61d8181..cca3354 100644
--- a/secure/lib/libcrypto/man/ui.3
+++ b/secure/lib/libcrypto/man/ui.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ui 3"
-.TH ui 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ui 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3
index 2632a0c..754fe23 100644
--- a/secure/lib/libcrypto/man/ui_compat.3
+++ b/secure/lib/libcrypto/man/ui_compat.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "ui_compat 3"
-.TH ui_compat 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH ui_compat 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3
index f9502ae..0d02d50 100644
--- a/secure/lib/libcrypto/man/x509.3
+++ b/secure/lib/libcrypto/man/x509.3
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "x509 3"
-.TH x509 3 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH x509 3 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l